Terms of Service
EFFECTIVE APRIL 22, 2024
The Sourcer Terms of Service is comprised of the following agreements:
Terms of Use
EFFECTIVE APRIL 22, 2024
This document explains the rules that keep our marketplace running.
We call these rules our Terms of Use. They apply to sourcer.com and all the websites and apps we own or run. (And by we, we mean Sourcer and our affiliates, which we may also refer to as us.)
These terms explain how we expect you to behave when you’re using Sourcer – whether you’re a registered user or unregistered site visitor on our site.
Please read these rules carefully: by using our site, you’re agreeing to follow them.
1. About licenses and third party content
Here we’ve included the conditions for using our site, which we do our best to keep running smoothly (1.1). That means we have the right to stop people from using our site and services if needed (1.2).
You can’t use our intellectual property (1.3), but you can post your own content to Sourcer. You’re responsible for this content (1.4), and equally, we’re not responsible for content you come across from other users (1.5). If you think someone is using something you’ve copyrighted, just let us know (1.6).
1.1 We let you use our site and services
Technically, we’re giving you a ‘limited license’ to the site. Here’s what that means.
We’re happy for you to access our website and services (known as the services). You’re free to have this access (or limited license) as long as you follow these terms of use and all of our other Terms of Service as they apply to you.
We’ll do our best to make sure our services are safe and working as they should, but we can’t guarantee you’ll have access continuously. In fact, we might even stop providing certain features or the services completely, and don’t have to give notice if we do.
1.2 We can stop letting you use our services
We can take away your right to use our services at any time.
If you violate our Terms of Use or other parts of our Terms of Service, we can take away your access to Sourcer. Officially, this is called terminating your license, and if it happens, we’ll tell you and you must stop using our services immediately.
1.3 We keep the rights to our intellectual property
Using our services doesn’t mean you can use any of our trademarks or other intellectual property, like copyrights and patents. We keep all of our rights to our intellectual property, even though we let you use our services.
Our logos and names are our trademarks and registered in certain jurisdictions. Any other product or company names, logos or similar marks and symbols you see on Sourcer may be trademarked by our partners or other users like you.
1.4 You can use Sourcer to share your content with the world
1.4.1 You’re responsible for what you post
You’re responsible for how you use our site and anything you post on it. If someone makes a claim against us because of anything you put on the site, you agree to compensate us for our legal fees and expenses (the lawyers call this, ‘indemnification’).
When you post content on (or through) our site or give us content for posting, you agree that you’re completely responsible for that content and we’re not. You also agree to only post or give us content that:
- you have the right to post
- is legal
- doesn’t violate anyone’s rights, including intellectual property rights.
You acknowledge and agree that whoever posts content is responsible for any harm caused to anyone by that content – not Sourcer – and that you’ll compensate and defend us, our partners, employees and representatives against any costs or legal or government action we have because of your content.
1.4.2 Other people have some rights to what you post
By posting content on the site, you give other people some rights to that content.
Whenever you post content on our site, you give us and our affiliates a permanent right (called an ‘irrevocable and non-exclusive worldwide license’) to use, edit and share that content – across the world and without paying royalties. If your name, voice and image appear in content you post, we also might use those on the site or in our day-to-day business. For example, if you’re a supplier, we might share your profile with clients we think could be a good match.
You also give each user and site visitor the right to access and use your content through the site. They also have the right to use, copy and share your content – as long as they do it through the site, and follow both our Terms of Service and the law.
We might show ads near your content and information, without compensating you. Depending on choices you make in your profile, we might also include your name or photo when promoting one of our features.
1.4.3 We’re open to your ideas
We’d love to hear your thoughts on improving Sourcer. Here’s what happens when you share them.
You can send us comments and suggestions about our services and ways to improve them. If you do, you’re agreeing your ideas are free and unsolicited, and you don’t expect or ask anything in return, unless we’ve specifically asked you for your ideas and offered something in return (we like to keep our word).
You agree we’re free to use, change and share the idea as we like, without being obligated to to give you anything for it. And if you do send us an idea, you also agree that this doesn’t affect our right to use similar or related ideas – including those we already have or get from others.
1.5 Third parties post on Sourcer, too
Anyone else who uses our site is responsible for what they post or link on Sourcer.
We’re not responsible for the accuracy or reliability of any content shared by other people on our site, unless they’re officially working for us when they share or post the content. Any content represents the views of the person sharing it, not Sourcer.
Our site might also contain links or other access to third-party websites and applications. These sites and applications are owned and run by other parties, not Sourcer. If we use a link or application that goes to a third-party website, it doesn’t mean that we endorse it and you agree that you use it without our endorsement.
1.6 You can make a copyright complaint
If you think content on our site infringes your rights, you can ask to have it removed.
We’re committed to following U.S. copyright and related laws and need site visitors and users to follow them as well. That means you can’t use our site to store or share anything that infringes anyone’s intellectual property rights, including their rights under U.S. copyright law.
If you own copyrighted work and think your rights under U.S. copyright law have been infringed by anything on our site, the Digital Millennium Copyright Act means you can ask us to take it down. To start the process, please contact us at: legalnotices@sourcer.com.
2. What you’re allowed to do on Sourcer
You can only use our services for work and to learn from the information we share.
Our site and services were made to be used for business, not for personal or consumer use. We run our marketplace to help companies find each other, build working relationships, and make and receive payments for that work.
You can also use some of our services to get information we think might be interesting and useful for our site visitors and users – like our Sourcer blog. While we do our best to make sure that this information is timely and accurate, there might sometimes be mistakes. We don’t make any guarantees about information posted on our site, so never use it as tax or legal advice. And you should always double-check the information for yourself.
3. What you’re not allowed to do on Sourcer
Certain uses of the site are not allowed. Here we go into much more depth about those things, including:
- posting unacceptable content (3.1)
- acting in a misleading or fraudulent way (3.2)
- treating others unfairly (3.3)
- abusing our feedback system (3.4)
- other uses that aren’t allowed (3.5)
In short, you’re not allowed to use our services to do (or encourage others to do) anything that is illegal, fraudulent or harmful. If you don’t see something on one of the lists below, you shouldn’t assume it’s allowed. When in doubt, contact us to check.
3.1 Posting unacceptable content
You can’t offer, share, support or try to find anything that:
- is illegal or defamatory
- is violent, discriminatory or harassing, either generally or towards a specific person or group (or encourages others to be), including anyone who is part of a legally protected group
- is sexually explicit or related to sex work or escort services
- is in any way related to child exploitation
- would infringe on any intellectual property rights, including copyrights
- would violate our Terms of Service, another website’s terms of service, or any similar contract
- would go against professional or academic standards or policies – including improperly submitting someone else’s work as your own, or by ghost-writing essays, tests, or certifications
- involves purchasing or requesting a fake review or is connected in any way to making or sharing misleading content which is intended to deceive others.
3.2 Acting in a misleading or fraudulent way
On Sourcer, you can’t do anything that’s dishonest or meant to fool others.
You can’t misrepresent your company, your resources’ experience, skills or professional qualifications, or that of others. This includes:
- lying about your resources’ experience, skills or professional qualifications
- using generative AI or other tools to substantially bolster inquiries from clients or work product if such use is restricted by your client or violates any third-party’s rights
- passing off any part of another company’s profile or identity as your own
- impersonating or falsely attributing statements to any person or entity, including a Sourcer representative
- falsely claiming or implying you’re connected to a person or organization (including Sourcer) – for example, you can’t say you work with a particular company when you don’t, and suppliers can’t use a resource’s profile if they’ve stopped working together.
Similarly, you must always be honest about who’s doing the work. That means you can’t:
- allow someone else to use your account, which misleads other users or
- falsely claim one resource will do a job when another will actually do it – including submitting a profile of the resource who can’t or won’t do the work.
We’re particularly invested in avoiding fraud and misrepresentations when it comes to payments. This means:
Suppliers can’t fraudulently charge a client in any way, including by:
- reporting or billing time the engaged resource haven’t actually worked
- reporting time worked by someone else and claiming the engaged resource did the work
- demanding payments without the intention of or without actually providing services in exchange for the payment.
Clients can’t engage in fraud related to payments, including by:
- posting requisitions with payment terms that are objectively unreasonable or disproportionate to the scope of services requested
- demanding services without the intention of or without actually providing payment in exchange for the services.
3.3 Treating others unfairly
Everyone should be treated fairly and legally on Sourcer.
You can’t use Sourcer to:
- express an unlawful preference in a requisition, inquiry or submission
- unlawfully discriminate against someone
- incite or encourage violence
- post personal identifying information or other sensitive, private data about another person
- spam other companies with inquiries or submissions. This includes posting the same requisition several times at once and contacting people you connected with on Sourcer outside of Sourcer without their permission
- make or demand bribes or payments for anything other than the work
- ask for or demand free work – you can’t ask suppliers to submit work for little or no payment as part of a proposal bid or competition
- request a fee in order to submit an inquiry or submission.
3.4 Abusing our feedback system
You must use our feedback system honestly and fairly.
That means you can’t:
- withhold payment or work until you’ve been given positive feedback
- swap payment (or anything of value) for feedback, including with third parties
- coerce another company by threatening negative feedback
- use the system to share unrelated views (like about politics or religion)
- offer or accept fake services to improve your feedback or rating score, which is called feedback building
3.5 Other uses that aren’t allowed
Sourcer relies on technology and trust – here’s how we maintain those things.
- You can’t copy, share or give away your account. You can’t have multiple accounts and you can’t sell, trade or give your account to anyone else without our permission.
- You can’t promote other organizations – including advertising any other websites, products or services. You also can’t use our site to recruit suppliers or clients to join another agency, website or company, unless you pay us a fee to do so.
- You can’t interfere with our technology or tamper with our site or services. That means you can’t:
- bypass any security features we’ve put in place to restrict how you use the site – you’re not allowed to try and get around restrictions on copying content
- interfere with or compromise our systems, server security, or transmissions
- use a robot, spider, scraper, or similar mechanisms on our site without written permission
- copy, distribute, or otherwise use any information you found on Sourcer, if whether directly or through third parties (like search engines), without our consent (no scraping allowed)
- collect or use identifiable information, including account names
- overwhelm the site with an unreasonable or large amount of information
- introduce any malware or any other code or viruses that could harm us, our customers, or our services
- access our services through any technology other than our interface
- frame or link to the services without our written permission
- use our services to build a similar service, identify or poach our users or publish any performance or benchmark analysis relating to the site
- reverse engineer, decipher, modify, or take source code from our site that is not open source without our written permission.
4. Enforcing our terms of use
If you break any of these rules, we can suspend your account and stop you from using Sourcer (4.1). If you see someone else breaking these rules, please let us know (4.2).
4.1 We enforce these rules
We have the right to look into any potential violations of these terms of use, and might decide to pause, change or take away any content on our site when we do.
We can’t guarantee that we’ll take action against every potential violation, but just because we don’t take action against one breach doesn’t waive our right to take action against any future breaches, whether they’re related to the first breach or not.
If we do suspect rule-breaking, we can stop you using our site at any time. If we disable or close your account, you won’t be able to use any of our services, but these things will stay in place:
- our rights to use and share your feedback
- our users’ and visitors’ rights to share your content (1.4.2)
- your agreement to all the rules laid out in section 3 on this page.
4.2 Tell us if you see someone breaking these rules
What to do if you become aware of a violation of our Terms of Use.
If you believe anyone is breaking any of our terms of use, please let our customer service team know.
If we follow up on the breach, you agree to help with our investigation and take reasonable steps to help us fix the problem.
5. Definitions
Here, we explain some of the terms we’ve used in our Terms of Use. Any other terms in italics should be defined when they’re mentioned, throughout the Terms of Service.
An affiliate is anyone or anything that in any way manages, is managed by, or shares management with us.
A customer is a company using our site to source talent services from a supplier.
A supplier is a company using our site to offer their services to customers.
Supplier services refer to the work supplier’s resources offer to their customers.
A means of direct contact is information that would let someone get in touch with you directly (or find the information to do that) so you can bypass our site. For example, phone numbers, email and physical addresses, social media accounts, and personal websites with contact information are means of direct contact.
Site services are all services, applications and products – apart from supplier services – that people can access through Sourcer.
Content is what users post to Sourcer themselves, like comments, profiles, feedback, images, or other information. It includes anything posted by you even if elements of the content were originally generated by generative AI or other tools, or in response to questions posed to you by Sourcer or other users or Sourcer.
Job Board Terms and Conditions
EFFECTIVE DECEMBER 12, 2024
Welcome to Sourcer. The Sourcer website and any associated mobile and software applications on which these Job Board Terms of Service Agreement (“Terms”) are posted (together, the “Website” or “Service”) is comprised of various web pages operated by Sourcer, Inc. (“Sourcer,” “us,” “we,” or “our”). “You” or “Your” refer to “Job Seekers” who are searching or applying for jobs, “Employers” who are posting jobs (including both the individual user posting the job opportunity and any company or business identified in the job posts), or any other users who are accessing or using the Service. The Service is offered to you conditioned on your acceptance without modification of these Terms. These Terms constitute a legally binding agreement between Sourcer and you concerning your use of the Service. We encourage you to print these Terms or save them to your device or computer for reference.
Disclaimer for Third-Party Content
Our Service enables you to search, save, and receive updates for job postings made available by third parties. Job Seekers may also apply for jobs, and Employers may post jobs, through the Service. If you select a job posting that redirects to an external third-party website, you will be redirected to that website for more information. If an Employer has posted a job using the Service, you may review and apply for that job as outlined below. You acknowledge and agree that we are a listing service only and have no responsibility for the content or accuracy, completeness, or lawfulness of the listings or the jobs they may describe. You are solely responsible for investigating the job postings you choose to select.
We do not own or control the posts listed on the Service. Sourcer may review Employer posts in its discretion, but it is not responsible for screening or censoring third-party job postings or content. Sourcer does not control the hiring process or communications between consumers and any third-party employers. Sourcer makes no representations or warranties regarding any third-party content, including job postings or applications. Under Section 230 of the Communications Decency Act (and similar laws), Sourcer is a platform service and not the publisher or speaker of any third-party content.
Dispute Resolution
This section outlines how you and Sourcer will handle disputes arising from these Terms, the Privacy Policy, or the Service or Website. It is crucial that you read this section carefully.
Claims and Governing Law. A “Claim” refers to any claim or dispute between you and us or any third-party beneficiary, arising from these Terms, the Privacy Policy, and the Service. These Terms, including the interpretation and enforcement of this dispute resolution provision and any Claims, shall be exclusively governed by the Federal Arbitration Act, federal arbitration law, and, if not inconsistent, the laws of the State of Delaware, excluding choice of law rules. If you agree to a Provider’s separate terms, those terms will control with respect to any claims between you and the Provider, if inconsistent with these terms.
Informal Dispute Process. Our goal is to resolve all Claims to optimize customer satisfaction. Before seeking arbitration relief, you agree to first notify our Customer Service Department to attempt to resolve any Claims against us. You can reach us at legalnotices@sourcer.com. Participating in this informal process is a prerequisite to initiating arbitration or small claims court proceedings, to the fullest extent permitted by applicable laws.
Mandatory Pre-Arbitration Notice Procedure. If the Claim is not resolved through our Informal Dispute Process, the aggrieved party (“Claimant”) must follow this Pre-Arbitration Notice Procedure before commencing arbitration:
- The Claimant must send the other party a formal written Notice of the Claim by certified mail at 1111B S Governors Ave, Ste 20165, Dover, DE 19904 and email to legalnotices@sourcer.com.
- The Notice must contain the Claimant’s full name, address, email, description of relevant facts and basis of the Claim, damages and recovery sought, and a signed statement verifying the accuracy of the information.
- After receiving the Notice, the parties will negotiate in good faith to resolve the dispute for 30 days, which may include an individualized video conference or phone call attended by both parties. Optionally, in addition to both parties, a party’s attorney may also attend this individualized video conference or phone call. The parties agree to work together cooperatively to schedule this individualized video conference or phone call as soon as possible after the receipt of the Notice.
- If no agreement is reached within 30 days, the Claimant may commence arbitration proceedings.
- Compliance with the Informal Dispute Process and the Mandatory Pre-Arbitration Notice Procedure is a condition precedent to initiating arbitration. Statutes of limitations are tolled during the Informal Dispute Process and the Mandatory Pre-Arbitration Notice.
- If the Claimant does not comply with the Notice Procedure, a court, upon request by a party, must enjoin an arbitration filing or continued prosecution, and an arbitration administrator cannot initiate or assess fees related to the arbitration. If a party commences an arbitration prior to completing the Notice Procedure, the arbitration provider shall administratively close the arbitration. Furthermore, a party may seek damages from any party who does not comply with the Mandatory Pre-Arbitration Notice procedure.
Arbitration Agreement. The parties agree that any unresolved Claims will be resolved exclusively through final and binding arbitration according to the following terms, except as otherwise provided further below:
- Claims will only be resolved through arbitration, not in a court of law.
- Arbitration will be governed by applicable National Arbitration & Mediation (“NAM”) rules, as modified by this arbitration agreement, and administered by NAM or another provider that is agreed-upon or appointed by a court. The NAM rules include the Comprehensive Dispute Resolution Rules and Procedure and the Supplemental Rules for Mass Arbitration, as may be amended by these Terms. You may find the NAM rules online at www.NAMADR.com. You may find the form to start an arbitration on the NAM website.
- Arbitration will be conducted before a single arbitrator who will resolve any Claims, as well as any disagreements regarding the scope, enforceability, formation, interpretation, applicability, enforceability, voidness, or voidability of these Terms or the dispute resolution provisions of the Terms. All remedies will be available to the arbitrator, and the arbitration decision will be final and binding.
- The arbitration will be conducted in person in the county where you live or at another mutually agreed location, and may be conducted by telephone, videoconference, or written submissions upon request.
- Payment of fees will be governed by the NAM Rules, unless you qualify for a fee waiver under applicable law. Each party shall pay its own attorneys’ fees, unless otherwise required by statute.
- The arbitrator may consolidate multiple related arbitrations upon request, but cannot preside over any form of representative or class proceeding unless all individuals have initiated and are currently pursuing arbitration under this Agreement.
- As in court, counsel representing a party in arbitration certifies compliance with Federal Rule of Civil Procedure 11(b), and the arbitrator is authorized to impose sanctions under the NAM Rules, Federal Rule of Civil Procedure 11, or applicable federal or state law.
Limitations to Arbitration
- Instead of arbitration, you or we may bring any individual Claim in small claims court, but only if the Claim(s) are brought on an individual basis and are below the statutory maximum amount permitted in small claims court.
- If you choose to pursue the Claim(s) in a small claims action, it may only be filed in the country of your residence or in Kent County, Delaware.
- Nothing in this section will limit either party’s ability, if and as allowed by applicable law, to seek injunctive relief in aid of arbitration or a “public injunction” in a court of competent jurisdiction or to seek to compel arbitration, stay a case during arbitration, or enter judgment on, confirm, modify, or vacate an arbitration award.
- Arbitration is required if you reside or bring a Claim in the United States or any country that enforces arbitration agreements. If you are not bringing a Claim in, and are not a resident of, the United States, you may be allowed to file a Claim in a court of competent jurisdiction on an individual basis in the city in which you reside under the laws of that city, after completing the Informal Dispute Process and the Mandatory Pre-Arbitration Notice Procedure.
Class Action Waiver
THIS AGREEMENT LIMITS YOUR RIGHTS TO BRING CLAIMS IN COURT OR AS PART OF A CLASS ACTION. BY ACCEPTING THESE TERMS, YOU AGREE THAT ALL CLAIMS MUST BE BROUGHT IN ARBITRATION ON AN INDIVIDUAL BASIS ONLY. YOU WAIVE THE RIGHT TO PARTICIPATE AS A CLASS MEMBER OR REPRESENTATIVE IN ANY CLASS ACTION OR REPRESENTATIVE PROCEEDING. THE ARBITRATOR MAY NOT JOIN OR CONSOLIDATE CLAIMS FROM MULTIPLE PARTIES, MAY NOT PRESIDE OVER ANY CLASS, REPRESENTATIVE, OR CONSOLIDATED ACTION, AND MAY NOT AWARD RELIEF BEYOND WHAT’S NECESSARY FOR THE INDIVIDUAL CLAIM. THIS WAIVER OF CLASS ACTION RIGHTS IS A CRUCIAL PART OF THIS AGREEMENT. IF THIS WAIVER IS FOUND TO BE LIMITED OR VOID, THE ENTIRE ARBITRATION AGREEMENT BECOMES NULL AND VOID, SUBJECT TO APPEAL. YOU ACKNOWLEDGE THAT WITHOUT THESE TERMS, YOU WOULD HAVE THE RIGHT TO SUE IN COURT WITH A JURY. BY AGREEING TO THESE TERMS, YOU ARE KNOWINGLY WAIVING THESE RIGHTS IN FAVOR OF INDIVIDUAL ARBITRATION.
This dispute resolution provision applies equally to all parties and shall not be interpreted to the disadvantage of the party who drafted it. If any part of this provision is found to be unenforceable, that specific part shall be severed from the agreement. The remaining portions of the agreement will continue to be valid and enforceable to the fullest extent permitted by law.
Privacy
Your use of the Service is subject to Sourcer’s Privacy Policy, which forms a part of these Terms. Please review our Privacy Policy, which also governs the Service and informs users of our data collection practices.
Availability, Errors, and Inaccuracies
We are constantly updating product and service offerings on the Service. We may experience delays in updating information on the Service and in our advertising on other websites. The information found on the Service may contain errors or inaccuracies and may not be complete or current. While Sourcer reserves the right to remove content from the Service, such as for errors or violating these Terms, it does not assume any obligation to do so and disclaims any liability for failing to do so.
Billing; No Refunds (Absent Limited Exception)
Employers posting a job on Sourcer agree to pay the entire amount due at checkout and any applicable taxes (minus any deduction for coupons, which have no cash value). If there is a conflict between any specific billing or other job posting terms at checkout and these Terms, the terms at checkout will apply. Payments are handled through Stripe, and you consent to your payment method to be charged for all outstanding amounts. You agree to only provide accurate and complete billing and payment information; and you represent that you are authorized to use the payment method for your purchase. You agree that Sourcer is entitled to interest at the highest rate permitted by law plus fees and costs incurred in collecting any due payments. You further agree that your purchase may be subject to currency or exchange fees, depending on your location.
Employers agree to pay fees outlined at the time of purchase or renewal. Some listings may be offered on a subscription basis and will automatically renew for recurring periods. By selecting a subscription, you agree that your credit or debit card or payment method on file will continue to be charged for additional subscription periods until you cancel. You may cancel at any time by clicking the link in your confirmation or renewal email or by emailing us at support@sourcer.com before the next renewal period with your email address used to purchase the subscription.
Cancellations are effective on the next billing date. You will not receive a prorated fee or refund if you cancel your subscription in the middle of a payment period. Once cancelled, you will lose access to the respective subscription services, and your subscription will end. We may change the subscription plan fees but only upon notice to you with an opportunity to cancel.
There are no refunds, except in cases, in Sourcer’s sole reasonable discretion, involving material posting errors that were caused solely by Sourcer that were not remedied within 5 days of your reporting of those errors to us. There will be no refunds in any other circumstances, including if Employers close job postings early or if your account or posting is terminated for cause.
Accounts and Features
General. If you create an account, such as through email or Google or other third-party sign-up, you warrant that your information is accurate and authorized. You are solely responsible for your account activity, including any job postings or applications, purchases, and confidentiality; you must notify us of suspicious or unauthorized account or other activity relating to the Service, and we disclaim all liability for use of your account. You are responsible for all activity related to your account, and you should not share login credentials. We retain the right to terminate or suspend your account or remove your content, such as if you violate these Terms or any applicable laws.
Job Seekers. Job Seekers may apply for jobs through the Service, either through their account, by providing information through the Service, or by clicking a job posting to be redirected to a third-party website for further action, depending on the type of Employer listing. Unless Job Seekers are redirected to a third-party website, Job Seekers will be requested to provide their name, resume (which may be uploaded and virus scanned or manually typed using a text field), and other information, which will be provided to the respective Employer(s). Please carefully choose what to submit as Job Seekers cannot see or manage their applications after they are submitted. You should ensure that your contact information, resume, and any content that you provide are all accurate and complete, and that they do not contain any sensitive personal information or content that you do not want disclosed.
Employers. Employers may list job postings through the Service through their Sourcer account for the time period and price as outlined at the time of purchase. Employers agree to provide all required information to post a job, including billing information, and agree that all job postings will comply with these Terms and all applicable laws, including in the jurisdiction where the job is solicited and to be performed and where you are located. Job postings will be promptly (but not immediately) posted and may be reviewed and/or removed for violation of these Terms. Employers may choose to receive Job Seeker applications through their Sourcer account, by email or to have Job Seekers redirected to an external URL provided by the Employer. If Employers use a Sourcer account, they may log in to view, edit, and close their job postings, view receipts for purchased job postings, and view drafts of job postings before purchase. In Sourcer’s discretion, Sourcer may share Employer job postings with its partners for purposes of further publication of the respective job posting(s). Employers agree to only use Job Seeker information obtained through the Service in strict confidence for the sole purpose of seeking qualified candidates for jobs. Employers may not sell or disclose application information, including resumes, to third parties or “spam” or contact Job Seekers for purposes other than fulfilling the job posting. Employers further agree to implement appropriate measures to prevent unauthorized or illegal processing of consumers’ personal information, to protect such information against loss or damage, and to comply with applicable data privacy and security laws and standards, including by posting an accurate privacy policy on any websites that redirect from the Service and maintaining reasonable data security protocols to protect Job Seeker data. If you are using the Service on behalf of a business that provides evidence that you are not authorized to act on its behalf, we may remove you from associated accounts.
Prohibited Activities
General. In using the Service you agree not to: (i) copy, distribute, or disclose any part of the Service in any medium, including without limitation by any automated or non-automated “scraping”; (ii) use any automated system, including without limitation “robots,” “spiders,” “offline readers,” etc., to access the Service in a manner that sends more request messages to our servers than a human can reasonably produce in the same period of time by using a conventional online website; (iii) transmit spam, chain letters, or other unsolicited email; (iv) attempt to interfere with, compromise the system integrity or security, or decipher any transmissions to or from the servers running the Service; (v) take any action that imposes, or may impose, an unreasonable or disproportionately large load on our infrastructure; (vi) upload invalid data, viruses, worms, or other software agents through the Service; (vii) collect or harvest any personally identifiable information from the Service, except as expressly permitted by the features of the Service; (viii) use the Service for any commercial solicitation purposes without our express prior consent; (ix) impersonate another person or otherwise misrepresent your affiliation with a person or entity, including in creating and using an account, conducting fraud, hiding, or attempting to hide your identity; (x) interfere with the proper working of the Service; (xi) access any content on the Service through any technology or means other than those provided or authorized by the Service; (xii) bypass the measures we may use to prevent or restrict access to the Service, including without limitation features that prevent or restrict use or copying of any content or enforce limitations on use of the Service or the content therein; (xiii) create, use, edit, or publicize an account or any content, including a Job Seeker application, or Employer post, without proper authorization; (xiv) provide any false, misleading, or unlawful information to us or in connection with the Service; (xv) use the Service in any way that violates these Terms or any applicable law, infringes the rights of third parties, or constitutes fraud, abuse, or harassment; or (xvi) use or monitor the Service for any competitive commercial purpose.
Job Seekers. Job Seekers further agree to only submit applications using real, accurate information about themselves and to only use the Service in compliance with these Terms and all applicable laws. By applying for a job using the Service, Job Seekers consent to their job application being shared with third parties interested in contacting them about their application.
Employers. Employers further agree to comply with all requirements for job postings, as outlined in these Terms, and with all applicable laws.
Job Postings
Employers may only post listings for bona fide paid jobs for qualified individuals. Each posting may only correspond to one open job opportunity or position. Employers agree they have all appropriate intellectual property and other rights to post content using the Service, including to any trademarks, logos, and copyrights, and to provide any licenses outlined in these Terms. Employers should use easily understandable language and describe the required duties, qualifications, and compensation, including, if applicable, any part time, independent contractor, or commission terms. Employers agree to not post any jobs if the job or listing will violate these Terms or any applicable laws. In particular, Employers may not use the Service to post the following:
- Listings where no current job opening exists as stated;
- Listings where any content or job (including any listed eligibility requirements) violates any labor, employment, anti-discrimination, equal opportunity, data privacy, or intellectual property laws or standards;
- Opportunities where individuals need to pay prior to consideration;
- Multi-level marketing opportunities (or “MLMs”) or pyramid schemes;
- Unpaid positions, focus groups, or survey opportunities;
- Advertisements of any kind (other than as part of the job posting);
- Infringing content or content that you do not have permission to share;
- Requirements for individuals to forward sensitive personal information;
- Listings aimed at or collecting information about children;
- Solicitations for businesses or business opportunities;
- Solicitations for sexually-oriented services or goods;
- Opportunities in countries subject to economic sanctions by the U.S.;
- Content or links that contain any false or misleading information;
Content or links that are unlawful, defamatory, threatening, exploitative, obscene, lewd, violent, harassing, inappropriate, or objectionable or that does not relate to a legitimate job posting (for example, keywords that are not related to the job posting); or - Listings seeking to collect contact information for resale or any purpose other than hiring for the specific role outlined in the job posting.
If you are an Employer posting a job through the Service, it is your responsibility to ensure that your posting and job comply with all applicable laws. Employers agree that they are solely responsible for any liability arising out of their job posting and any material arising out of such posting, including email responses or links to which Job Seekers are redirected, and that they will defend and indemnify Sourcer for any related claims as outlined below. While Employers may include those hiring for their own organization as well as recruiters, staffing agencies, etc., anyone posting a job through the Service agrees to comply with these Terms on behalf of themself as well as the hiring organization and to defend and indemnify Sourcer for any job posting.
Job postings and applications are subject to review, including for compliance with these Terms and for viruses or other harmful content, and subject to rejection and removal. However, Sourcer is under no obligation to review or take action against any content and has no liability for third-party content.
Employers agree that Sourcer may be unable to remove job postings and other content (including intellectual property) once they have been distributed to the public, including to partners for listing jobs or search engines.
Assumption of Risk
Sourcer is not responsible for reviewing third-party content, including Employer or Job Seeker content. You accept that, by using the Service, you may be exposed to content that is inaccurate, incomplete, misleading, offensive, or contrary to your needs or applicable laws; and you understand that there are risks when dealing with other parties online. You assume those risks and all risks of using the Service. It is your responsibility to conduct your own due diligence, including through any interviews, research, and reference checks, and you are solely responsible for your interactions with other users, for job postings and applications, and for any hiring or acceptance of a job. Further, Sourcer is not responsible for storing or maintaining any information, subject to applicable laws, and you should make and keep copies of your own data.
Children
The Service is directed to users who are 18 or older and otherwise competent to enter into lawful contracts under applicable law. By using the service, you agree that you are 18 years or older and are competent to enter into contracts. Sourcer does not knowingly collect, either online or offline, personal information from persons under the age of 13.
No Unlawful or Prohibited Use; Intellectual Property
You are granted a non-exclusive, non-transferable, limited, revocable license to access and use the Service subject to your strict compliance with these Terms. As a condition to your use of the Service, you warrant to Sourcer that you will not use the Service for any purpose that is unlawful or prohibited by these Terms or applicable law. You may not use the Service in any manner which could damage, disable, overburden, or impair the Service, or interfere with any other party’s use and enjoyment of the Service. You may not obtain or attempt to obtain any materials or information through any means not intentionally made available through the Service.
Sourcer’s Service, logos, websites, domains, text, graphics, software, images, trademarks, copyrights, content and features, functionality, source code, arrangement, and other parts of the Service, exclusive of user or third-party content, are the exclusive intellectual property of and owned by Sourcer or its licensors; and the Service and its features and functionality are and will remain the exclusive property of Sourcer and its licensors. The Service is protected by copyright, trademark, and other laws. Our trademarks and trade dress may not be used in connection with any product or service without the prior written consent of Sourcer.
This notwithstanding, as between you and Sourcer, you will remain the owner of your content, including any reviews or testimonials, Job Seeker applications, Employer job postings (which in turn includes any job description, Employer name, logo, trademarks, and copyrights, and job- related data), and content and websites to which Sourcer users may be redirected from the Service. In using the Service, including by posting or providing any content, you expressly grant to Sourcer a perpetual, non- exclusive, royalty free, worldwide, revocable (unless published to a third party), sublicensable, transferrable license to use, provide, publicly display, adapt, and make derivative works from your content, in any form or media, in connection with the Service and our Privacy Policy, including to post and distribute Employer job postings to the Service, Job Seekers, and partners and to provide Job Seeker applications to Employers. This license includes the right to share Employer job postings with third-party job platforms for purposes of further publication of the respective job posting(s) and for Sourcer to use Employer names and logos, as well as any reviews or testimonials, in marketing Sourcer or the Service. Further, this license will survive even upon termination or if you stop using the Service, provided that you may edit or remove content as provided by these Terms. You warrant that you have the rights and authority to grant this license.
Links to Other Websites
Our Service contains links to third-party websites or services that are not owned or controlled by Sourcer. If you select a job posting that redirects to an external website, you will be redirected to such third-party website.
Sourcer is solely a platform and has no control over, and assumes no responsibility for, the content, privacy policies, or practices of any third-party companies, content, websites, or services. We do not warrant the offerings of any of these third-party entities/individuals or their websites, regardless of whether you apply for an Employer’s job using the Service, are redirected to an Employer’s website, or save listings through your account.
You acknowledge and agree that Sourcer shall not be responsible or liable, directly or indirectly, for any damage or loss caused or alleged to be caused by or in connection with use of or reliance on any such content, goods, or services provided by, or available on or through, any such third-party companies, content, websites, or services.
We strongly advise you to read the terms and conditions and privacy policies of any third-party websites or services that you visit.
Termination/Access Restriction
We may terminate or suspend your access to the Service immediately, without prior notice or liability, under our sole reasonable discretion, for any reason whatsoever and without limitation, including but not limited to a breach of the Terms or violation of any applicable law. We may also remove any content, including any job posting or application, for failure to comply with these Terms or if you are engaging or have engaged in fraud or abuse. You may appeal a termination or removal by contacting us within 30 days.
You may terminate your use of the Service at any time by discontinuing your use of the Service, provided that you will still owe any outstanding fees due.
All provisions of the Terms which by their nature should survive termination shall survive termination, including, without limitation, the dispute resolution and arbitration terms, ownership and intellectual property terms (except Sourcer may terminate your license to access and use the Service), warranty disclaimers, indemnity, miscellaneous terms, and limitations of liability.
Indemnification
To the maximum extent permitted by law, you (including any individual user and business using the Service) agree to indemnify, defend (with counsel reasonably acceptable to us), and hold harmless Sourcer, its owners, licensees and licensors, and our/their employees, contractors, agents, officers, and managers, from and against any and all claims, damages, obligations, losses, liabilities, costs or debt, and expenses (including but not limited to attorney’s fees), resulting from or arising out of a) your use of or access to the Service, including your account, content, Job Seeker application, or Employer job post; or b) your violation of these Terms or any applicable law, rules or regulations. Sourcer reserves the right, at its own cost, to assume the exclusive defense and control of any matter otherwise subject to indemnification by you, in which event you will fully cooperate with Sourcer in asserting any available defenses; and you shall not settle any claims without our express written consent.
Limitation of Liability
IN NO EVENT SHALL SOURCER, NOR ITS MANAGERS, EMPLOYEES, PARTNERS, AGENTS, SUPPLIERS, LICENSORS, OR AFFILIATES, BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, INCLUDING WITHOUT LIMITATION, LOSS OF PROFITS, DATA, USE, GOODWILL, OR OTHER INTANGIBLE LOSSES, RESULTING FROM (I) YOUR ACCESS TO OR USE OF OR INABILITY TO ACCESS OR USE, OR JOB OR HIRING-RELATED RESULTS FROM, THE SERVICE, INCLUDING ANY ACCOUNT, CONTENT, JOB SEEKER APPLICATION, OR EMPLOYER JOB POST; (II) ANY JOB POSTING OR JOB THAT YOU MAY POST OR OBTAIN IN CONNECTION WITH THE SERVICE; (III) ANY CONDUCT OR CONTENT OF ANY THIRD PARTY, INCLUDING JOB SEEKERS AND EMPLOYERS, ON THE SERVICE; (IV) ANY CONTENT OBTAINED FROM THE SERVICE RELATING TO A THIRD-PARTY JOB POSTING; AND (V) UNAUTHORIZED ACCESS TO, USE OF, OR ALTERATION OF YOUR TRANSMISSIONS OR CONTENT, WHETHER BASED ON WARRANTY, CONTRACT, TORT (INCLUDING NEGLIGENCE), OR ANY OTHER LEGAL THEORY, WHETHER OR NOT WE HAVE BEEN INFORMED OF THE POSSIBILITY OF SUCH DAMAGE, AND EVEN IF A REMEDY SET FORTH HEREIN IS FOUND TO HAVE FAILED ITS ESSENTIAL PURPOSE.
SOURCER SHALL HAVE NO LIABILITY FOR RESPONSES TO JOB POSTINGS OR APPLICATIONS, INCLUDING THE QUALITY OR NUMBER OF APPLICANTS, OFFERS, VIEWS, CLICKS, OR THE ORDER IN WHICH YOUR POSTING OR APPLICATION IS DISPLAYED OR DISTRIBUTED.
TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, SOURCER ASSUMES NO LIABILITY OR RESPONSIBILITY FOR (I) ANY ERRORS, MISTAKES, OR INACCURACIES OF CONTENT; (II) ANY PERSONAL INJURY OR PROPERTY DAMAGE, OF ANY NATURE WHATSOEVER, RESULTING FROM YOUR ACCESS TO OR USE OF OUR SERVICE; (III) ANY UNAUTHORIZED ACCESS TO OR USE OF OUR SERVERS OR YOUR ACCOUNT AND/OR ANY AND ALL PERSONAL INFORMATION STORED THEREIN; (IV) ANY INTERRUPTION OR CESSATION OF TRANSMISSION TO OR FROM THE SERVICE; (V) ANY BUGS, VIRUSES, TROJAN HORSES, OR THE LIKE THAT MAY BE TRANSMITTED TO OR THROUGH OUR SERVICE BY ANY THIRD PARTY; (VI) ANY ERRORS OR OMISSIONS IN ANY CONTENT OR FOR ANY LOSS OR DAMAGE INCURRED AS A RESULT OF THE USE OF ANY CONTENT POSTED, EMAILED, TRANSMITTED, OR OTHERWISE MADE AVAILABLE THROUGH THE SERVICE; AND/OR (VII) ANY USER OR OTHER THIRD-PARTY CONTENT OR THE DEFAMATORY, OFFENSIVE, OR ILLEGAL CONDUCT OF ANY USER OR THIRD PARTY.
THIS LIMITATION OF LIABILITY SECTION APPLIES WHETHER THE ALLEGED LIABILITY IS BASED ON CONTRACT, TORT, NEGLIGENCE, STRICT LIABILITY, OR ANY OTHER BASIS, EVEN IF SOURCER HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. THE FOREGOING LIMITATIONS OF LIABILITY SHALL APPLY TO THE FULLEST EXTENT PERMITTED BY LAW IN THE APPLICABLE JURISDICTION.
Disclaimer
YOUR USE OF THE SERVICE IS AT YOUR SOLE RISK. THE SERVICE IS PROVIDED ON AN “AS IS” AND “AS AVAILABLE” BASIS. THE SERVICE IS PROVIDED WITHOUT WARRANTIES OF ANY KIND, WHETHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON- INFRINGEMENT, OR COURSE OF PERFORMANCE.
SOURCER AND ITS SUBSIDIARIES, AFFILIATES, AND LICENSORS DO NOT WARRANT THAT A) THE SERVICE WILL FUNCTION OR BE UNINTERRUPTED, SECURE, OR AVAILABLE AT ANY PARTICULAR TIME OR LOCATION; B) ANY ERRORS OR DEFECTS WILL BE CORRECTED; C) THE SERVICE IS FREE OF VIRUSES OR OTHER HARMFUL COMPONENTS; OR D) THE RESULTS OF USING THE SERVICE WILL MEET YOUR REQUIREMENTS OR EXPECTATIONS.
Exclusions
Some jurisdictions do not allow the exclusion of certain warranties or the exclusion or limitation of liability for consequential or incidental damages, so the limitations above may not apply to you.
Changes to Terms
We reserve the right, at our sole discretion, to modify or replace these Terms at any time by posting a new version via the Service or by other notice to you (such as by email). The most current version of the Terms will supersede all previous versions. Sourcer encourages you to periodically review the Terms to stay informed of our updates. By continuing to access or use our Service after any revisions become effective, you agree to be bound by the revised terms. If you do not agree to the new terms, you are no longer authorized to use the Service and will be bound by the prior terms.
We may terminate, suspend, limit, or change any aspect or feature of the Service immediately, without prior notice or liability, under our sole discretion, for any reason whatsoever and without limitation.
DMCA Notice and Procedure for Copyright Infringement Claims
If you believe the Service contains content that infringes on your copyright, please submit a notification to us pursuant to the Digital Millennium Copyright Act (“DMCA”) with the following information in writing to our copyright agent at the address listed below or legalnotices@sourcer.com (see 17 U.S.C §512(c)(3)): an electronic or physical signature of the person authorized to act on behalf of the owner of the copyright’s interest; a description of the copyrighted work that you claim has been infringed, including the URL/location where the copyrighted work exists or a copy of the copyrighted work; identification of the URL or other specific location on the Service where the material that you claim is infringing is located; your address, telephone number, and email address; a statement by you that you have a good faith belief that the disputed use is not authorized by the copyright owner, its agent, or the law; a statement by you, made under penalty of perjury, that the above information in your notice is accurate and that you are the copyright owner or authorized to act on the copyright owner’s behalf. We will respond as authorized, such as by taking down violative content, and may provide a copy of your notice to the pertinent user. Before submitting a notice, you should consider whether the use could be fair use. If you are unsure about your rights, you should contact an attorney. You may be liable for costs and fees for misrepresentative submissions.
If you believe we removed your content in error, you may file a counter-notice pursuant to the DMCA with the following information in writing to our copyright agent at the address listed below or legalnotices@sourcer.com: a clear description of the material and prior location; a statement that you consent to the jurisdiction of the federal district court for the district where you reside and that you will accept service of process; your contact information; and a statement signed by you under penalty of perjury that you have a good faith belief the content was removed as a result of mistake or misidentification. If you are a repeat infringer, we may terminate your access to the Service under a repeat infringer policy.
Written notices to our copyright agent may be emailed to:
Sourcer Legal
1111B S Governors Ave, Ste 20165
Dover, DE 19904
legalnotices@sourcer.com
If you believe that any content or conduct involving the Service violates Sourcer’s Terms or applicable laws, please contact us.
Consent to Communications
By using the Service, including creating and using an account, posting an Employer job, or submitting a Job Seeker application, you expressly consent to receive electronic and other communications from Sourcer, over the short term and periodically, regarding the Service, your activity, and offers and information that may be of interest to you, including emails with marketing offers and information about your account, job postings, job applications, and saved listings. For more information about the types of communications you may receive from Sourcer and how to opt out of marketing communications, see our Privacy Policy. Further, by posting a job or submitting an application, you agree to be contacted by the respective Employer or Job Seeker about your posting or application using the contact information you provided.
Miscellaneous
These Terms, which incorporate by reference any separate billing and order terms, constitute the entire agreement between you and Sourcer as to the matters in these Terms and supersede any prior agreements. A waiver under these Terms must be in writing to be effective, and waiver of any term or breach will not waive that term or any later breach. These Terms do not create any agency, partnership, employer, or joint venture relationship. The parties shall not be liable for any event beyond that party’s reasonable control, such as a war, epidemic, natural disaster, government order or regulation, explosion, fire, strike, act of God, or other force majeure event. These Terms will be binding upon and inure to the benefit of the parties and their permitted successors and assigns. You may not assign or transfer your rights or obligations under these Terms without the prior written consent of Sourcer. There are no third-party beneficiaries under these Terms except Company Entities where stated. If any provision of these Terms is ruled to be invalid or unenforceable, the remainder of the Terms shall continue to be valid and enforceable, and to this end these Terms are severable.
Contact Us
Sourcer welcomes your questions or comments regarding the Terms.
Please contact us at legalnotices@sourcer.com.
Privacy Policy
EFFECTIVE APRIL 22, 2024
This Privacy Policy explains how and why Sourcer collects, uses, and shares personal information when you interact with or use our Site or Service. It also includes any information Sourcer collects offline in connection with the Service, which we may combine with information from the Site and Service. By reading this Privacy Policy, you will understand your privacy rights and choices.
When we say “Sourcer”, we mean Sourcer, Inc., and any of its affiliates. When we say “Site”, we mean sourcer.com, and when we say “Service”, we mean the Site plus any websites, features, applications, widgets, or online services owned or controlled by Sourcer and that post a link to this Privacy Policy.
As part of the Service, Sourcer provides a marketplace which results in platform information pertaining to different parties to an interaction. Users of the Service may be Customers, Suppliers, or Site Visitors (as each is defined in the Terms of Use). This Privacy Policy applies to Sourcer’s processing of personal information of Users where Sourcer determines the purposes and means of processing. It does not apply to processing of information by Users themselves, who may be controllers of the personal information they access through the Service. For information about how Users process your personal information, please contact them directly.
Accessibility: This Privacy Policy uses industry-standard technologies and was developed in connection with the World Wide Web Consortium’s Web Content Accessibility Guidelines, version 2.1. If you wish to print this policy, please do so from your web browser or by saving the page as a PDF.
1. Information Collection
a. Information You Provide to Us
When you use the Service, you may provide us with information about you. This may include your name and contact information, financial information to make or receive payment for services obtained through the Sourcer platform, or information to help us calculate sales taxes. When you use the Service, we may also collect information related to your use of the Service and aggregate this with information about other users. This helps us improve our Services for you. Suppliers may also provide us with information about resources associated with the Supplier.
Depending upon our relationship with you, we may collect the following categories and types of personal information from and about you:
Categories of Personal Information We Collect | Examples of Personal Information Collected | Categories of Sources of Personal Information | Business Purpose for Collection of Personal Information |
---|---|---|---|
Identifiers | Name, Social Media Account Information, Profile Data, IP Address | Directly from You or Your use of the Service; Cookies and Other Tracking Technologies; Third Parties (such as affiliates, agents, service providers and other users) | Developing, Improving, and Providing the Service, Identification, Communications, Marketing, Analytics, Security, Legal, Compliance and Regulatory Obligations |
Contact / Account Profile Information | Email Address, Home Address, Billing Address, Phone Number | Directly from You or Your use of the Service; Third Parties (such as affiliates, agents, service providers and other users) | Developing, Improving, and Providing the Service, Identification, Communicating with You, Marketing, Analytics, Security, Legal, Compliance and Regulatory Obligations |
Sensitive Personal Information / Government Issued Identification Numbers | VAT Identification Number, Tax Identification Number, Immigration Status, Citizenship Information | Directly from You | Improving and Providing the Service, Verifying Your Identity and Detecting Fraud, Identity Theft, or Other Misuse of Your Account, Legal, Compliance and Regulatory Obligations |
Commercial Information | Transaction Data including services offered, considered, or purchased | Directly from You or Your use of the Service; Third Parties (such as affiliates, agents, service providers and other users) | Developing, Improving, and Providing the Service, Identification, Communications, Marketing, Analytics, Security, Legal, Compliance and Regulatory Obligations |
Financial Data/Payment Information | Credit card or other financial account information | Directly from You or Your use of the Service; Third Parties (such as affiliates, agents, service providers and other users) | Improving and Providing the Service, Identification, Communications, Security, Legal, Compliance and Regulatory Obligations |
Internet or Other Network or Device Activities Including Information from Cookies | Unique device and app identifiers, browsing history or other usage data, the browser and operating system you are using, the URL or advertisement that referred you to the Service, the search terms you entered into a search engine that led you to the Service, areas within the Service that you visited, which links you clicked on, which pages or content you viewed and for how long, other similar information and statistics about your interactions, such as content response times, download errors and length of visits to certain pages and other information commonly shared when browsers communicate with websites | Directly from You or Your use of the Service; Cookies and Other Tracking Technologies; Third Parties (such as affiliates, agents, service providers and other users) | Developing, Improving, and Providing the Service, Identification, Communications, Marketing, Analytics, Security, Legal, Compliance and Regulatory Obligations |
Approximate Geolocation Information | Your approximate location | Directly from You or Your use of the Service; Cookies and Other Tracking Technologies; Third Parties (such as affiliates, agents, service providers and other users) | Developing, Improving, and Providing the Service, Identification, Communications, Marketing, Analytics, Security, Legal, Compliance and Regulatory Obligations |
Sensory Information | Audio recordings if you call our customer service, video recording (if you provide permission) | Directly from You or Your use of the Service; Service Providers; Third Parties (such as affiliates) | Providing and Improving the Service, Identification, Communications, Marketing, Security, Legal, Compliance and Regulatory Obligations |
Platform Communications | Communication Information (e.g., your name, contact information, and, with your consent, the contents of any messages you send) | Directly from You, Your use of the Service, and Users with whom you communicate | Developing, Improving, and Providing and Improving the Service, Security, Legal, Compliance and Regulatory Obligations |
Professional Information | Previous place(s) of employment, position(s), work history, earnings, resume | Directly from You or Your use of the Service; Service Providers; Third Parties (such as other users) | Developing, Improving, and Providing the Service, Marketing, Analytics, Security, Legal, Compliance and Regulatory Obligations |
Other information that identifies or can be reasonably associated with you | User-generated content, (e.g., community posts, feedback, ratings and job postings), photographs, examples of your work, information on work previously performed via the Service and outside the Service, skills, tests taken, test scores, hourly pay rates and earnings information | Directly from You or Your use of the Service; Service Providers; Third Parties (such as affiliates, agents, and other users) | Developing, Improving, and Providing the Service, Identification, Communications, Marketing, Analytics, Security, Legal, Compliance and Regulatory Obligations |
b. Non-Identifying Information and De-Identified Information
- Non-Identifying Information/Usernames: We also may collect other information that does not identify you directly, such as zip codes, demographic data, information about your use of the Service, and general project-related data (“Non-Identifying Information”). We may combine information collected from Sourcer users, whether they are registered or not (“Sourcer Users”). In some cases, we may render Personal Information (generally, email address) into a form of Non-Identifying Information referred to in this Privacy Policy as “Hashed Information.” This is typically accomplished using a mathematical process (commonly known as a hash function) to convert information into a code. While the code does not identify you directly, it may be used by Sourcer’s partners to connect your activity and interests.
- Combination of Personal and Non-Identifying Information: We may combine your Personal Information with Non-Identifying Information, but Sourcer will treat the combined information as Personal Information.
- De-Identified Information: We may also de-identify or aggregate information and convert it into non-personal information so that it can no longer reasonably be used to identify you (“De-Identified Information”). We may use De-Identified Information for any of the purposes described in the “We Use Information We Collect” section below. We will maintain and use De-Identified Information in de-identified form and will not attempt to reidentify the information, except to confirm our de-identification processes or unless required by law.
c. Information Collected Automatically
Like other online companies, we receive technical information when you use our Services. We use these technologies to analyze how people use the Service, to improve how our Site functions, to save your log-in information for future sessions, and to serve you with advertisements that may interest you.
Sourcer and its partners use cookies or similar technologies to analyze trends, administer the website, track users’ movement around the website, the desktop app, and the mobile app, and to gather demographic information about our user base as a whole. The technology used to collect information automatically from Sourcer Users may include cookies, web beacons, and embedded scripts. In addition, we and our marketing partners, affiliates, analytics, and service providers may use a variety of other technologies (such as tags) that collect similar information for security and fraud detection purposes and we may use third parties to perform these services on our behalf.
For further information on cookies and how they are used for the Service, please visit our Cookie Policy at sourcer.com/legal/cookie-policy.
d. Analytics Providers, Ad Servers and Similar Third Parties
We may work with advertising agencies and vendors who use technology to help us understand how people use our Site. These vendors may use technologies to serve you advertisements that may interest you. You can choose to opt out of receiving certain interest-based advertising.
Sourcer works with (or may in the future work with) ad networks, ad agencies, analytics service providers and other vendors to provide us with information regarding traffic on the Service, including pages viewed and the actions taken when visiting the Service; to serve our advertisements on other websites, within mobile apps and elsewhere online; and to provide us with information regarding the use of the Service and the effectiveness of our advertisements. Our service providers may collect certain information about your visits to and activity on the Service as well as other websites or services, they may set and access their own tracking technologies on your device (including cookies and web beacons), and may use that information to show you targeted advertisements. Some of these parties may collect Personal Information when you visit the Service or other online websites and services. We may also share certain Non-Identifying Information with these parties, including Hashed Information, in connection with the services they provide to us. If you wish to opt out of interest-based advertising from participating companies, click here (or if located in the European Union, click here). You must opt out on each device and each browser where you want your choice to apply. If you choose to opt out, please note you will continue to receive advertisements, but they may be less relevant to you.
While we may use a variety of service providers to perform advertising services, some of these companies are members of the Network Advertising Initiative (“NAI”) or the Digital Advertising Alliance (“DAA”) Self-Regulatory Program for Online Behavioral Advertising. You may want to visit http://www.networkadvertising.org/managing/opt_out.asp, which provides information regarding targeted advertising and the “opt-out” procedures of NAI members. You may also want to visit http://www.aboutads.info/choices/, which provides information regarding targeted advertising and offers an “opt-out” by participating companies in the DAA Self-Regulatory Program.
e. Do Not Track Signals and GPC
Please note that your browser setting may allow you to automatically transmit a “Do Not Track” signal to websites and online services you visit. Sourcer does not generally alter its practices when it receives a “Do Not Track” signal from a visitor’s browser. To find out more about “Do Not Track,” please visit http://www.allaboutdnt.com.
Global Privacy Control (GPC) is a technical specification that you can use to inform websites of your privacy preferences regarding ad trackers. If you do choose to set up GPC, it may impact the functionality of the Site, but we honor the GPC signal on a per-browser basis automatically in your cookie preferences.
f. Children
The Service is general audience and intended for users 18 and older. We do not knowingly collect Personal Information from anyone younger than age 18. If we become aware that a child younger than 18 has provided us with Personal Information, we will use commercially reasonable efforts to delete such information from our files. If you are the parent or legal guardian of a child younger than age 18 and believe that Sourcer has collected Personal Information from your child, please contact us at: legalnotices@sourcer.com.
2. Use of Information
We use information collected through the Service to provide and improve the Service, develop new Services and products, process your requests, prevent fraud, provide you with information and advertising that may interest you, comply with the law, and as otherwise permitted with your consent.
a. We Use Information We Collect:
- To provide and improve the Service, complete your transactions, address your inquiries, process your registration, verify the information you provide is valid, and for compliance and internal business purposes.
- To contact you with administrative communications and Sourcer newsletters, marketing or promotional materials (on behalf of Sourcer or third parties) and other information that may be of interest to you. If you decide at any time that you no longer wish to receive such communications from us, please follow the instructions in the Your Choices and Rights section, below.
- To tailor content we display to you and offers we may present to you, both on the Service and elsewhere online.
- To administer and develop our business relationship with you and, if applicable, the corporation or other legal entity you represent.
- To enforce and comply with the law, including to conduct an investigation, to protect the property and rights of Sourcer or a third party, to protect the safety of the public or any person, or to prevent or stop activity we may consider to be, or to pose a risk of being, illegal, fraudulent, unethical or legally actionable activity. We may also use Device Identifiers to identify Sourcer Users.
- For the purposes disclosed at the time you provide your information, with your consent, and as further described in this Privacy Policy.
- To Honor Our Contractual Commitments to You. Much of our processing of Personal Information is to meet our contractual obligations to our investors, or to take steps at Users’ request in anticipation of entering into a contract with them.
- For Our Legitimate Interests. In many cases, we handle Personal Information on the grounds that it furthers our legitimate interests in commercial activities, such as the following, in ways that are not overridden by the interests or fundamental rights and freedoms of the affected individuals:
- Providing our Site and Service.
- Detecting security incidents, protecting against malicious, deceptive, fraudulent or illegal activity, and prosecuting those responsible for that activity.
- Measuring interest and engagement in our Services.
- Short-term, transient use, such as contextual customization of ads.
- Improving, upgrading or enhancing our Services.
- Developing new products and services.
- Ensuring internal quality control and safety.
- Authenticating and verifying individual identities.
- Debugging to identify and repair errors with our Services.
- Auditing relating to interactions, transactions and other compliance activities.
- Enforcing our agreements and policies.
- Analyzing and improving our business.
- Communications, including marketing and responding to your inquiries about our services.
- Addressing information security needs and protecting our Users, Sourcer, and others.
- Managing legal issues.
- To Comply with Legal Obligations. We need to use and disclose Personal Information in certain ways to comply with our legal obligations.
3. Data Retention
Unless you request that we delete certain information, we will only retain your personal information for as long as is necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, regulatory, accounting, or reporting requirements, as well as ongoing fraud prevention, backup, and business continuity purposes.
4. Information Sharing and Disclosure
We do not sell your Personal Information for monetary consideration, and we do not share your Personal Information with third parties for those third parties’ marketing purposes unless we first provide you with the opportunity to opt-in to or opt-out of such sharing. However, we may use technologies on our Site for the purposes of advertising or marketing to you and understanding how you interact with our ads. This may be considered a “sale” or “sharing” of personal information for targeted advertising under applicable data protection laws. We may also share information we have collected about you, including Personal Information, as disclosed at the time you provide your information, with your consent, as otherwise described in this Privacy Policy, or for the following business or commercial purposes:
Sourcer Users | For Suppliers who have entered into an engagement with a Customer, we may share their information with Customer. For Suppliers who choose to submit a submission via the Service, we may share their information with the applicable Customer(s). For Customers who have entered into an engagement, we may share your information in order to complete the transaction or to facilitate the resolution of a claim or dispute. The Supplier(s) receiving your information is not allowed to use it for purposes unrelated to the transaction, such as to contact you for marketing purposes, unless you have expressly consented to it. |
Sourcer Users | We may employ service providers and individuals to facilitate our Service, to provide the Service on our behalf, to perform Service-related services (e.g., without limitation, maintenance services, database management, web analytics and online advertising, payment processing, fraud detection and improvement of Sourcer’s features) or to assist us in analyzing how our Service is used. These Service providers may include analytics companies, advertising partners, payment processors, identity verification companies, security companies, generative AI partners, or other merchants. These third parties may have access to your Personal Information in order to perform these tasks on our behalf. |
Generative AI Partners | We enhance certain features of our Service by integrating trusted generative AI service providers. We may share the information you provide while using these features with these generative AI service providers, as well as additional information necessary to utilize the feature. Where Sourcer uses this information to power features, we leverage certain treatments of the data appropriate for the feature, including but not limited to, first removing personal information and only using public data. Where a feature involves a generative AI service provider and requires the use of identifying information you submit to the feature, you may choose to either not use that feature or not opt-in to generative AI features more broadly. The Service includes a two-sided marketplace, which results in platform information pertaining to both parties on either side of an interaction. Thus, if a Customer or Supplier chooses to use our generative AI features, the platform information associated with that user’s account – including information described above – may be used to power those features, subject to limitations based on the other party’s choices. |
Legal and Investigative Purposes | Sourcer will share information with government agencies as required by law including (without limitation) in response to lawful requests by public authorities to meet national security or law enforcement requirements and in connection with reporting earnings. We cooperate with government and law enforcement officials and private parties to enforce and comply with the law. We will disclose information about you to government or law enforcement officials or private parties as we, in our sole discretion, believe necessary or appropriate to respond to claims and legal process (including but not limited to subpoenas), or, at the request of governmental authorities or other third parties conducting an investigation where we determine in our sole discretion the disclosure is necessary to (a) protect the property and rights of Sourcer or a third party, (b) protect the safety of the public or any person, or (c) prevent or stop activity we may consider to be, or pose a risk of being, illegal, fraudulent, unethical or legally actionable activity. |
Internal and Business Transfers | Sourcer may share information, including Personal Information, with any current or future subsidiaries or affiliates, primarily for business and operational purposes, including activities such as IT management, for them to provide services to you, or support and supplement the Services we provide. We may sell, transfer, or otherwise share some or all of our assets, including your Personal Information, in connection with a merger, acquisition, reorganization or sale of assets (including, in each case, as part of the due-diligence process with any potential acquiring entity) or in the event of bankruptcy. |
Sweepstakes, Contests, and Promotions | We may offer sweepstakes, contests, and other promotions (any, a “Promotion”) that may require registration. |
Non-Identifying Information and De-Identified Information | We may share aggregated Non-Identifying Information and we may otherwise disclose Non-Identifying Information (including, without limitation, Hashed Information) or De-Identified Information to third parties. |
Categories of Personal Information We Have Shared in the Preceding 12 Months | Categories of Third Parties with whom We Share Personal Information | Whether This Category is Used for Targeted Advertising |
---|---|---|
Identifiers | Analytics Companies, Identity Verification Companies, Advertising Partners, Payment Processors, Other Merchants, Sourcer Users, Government Agencies (as required by law) | Yes |
Contact Information | Analytics Companies, Advertising Partners, Payment Processors, Other Merchants, Sourcer Users, Government Agencies (as required by law) | Yes |
Sensitive Personal Information / Government Issued Identification Numbers | Identity Verification Companies, Security Companies, Other Merchants, Sourcer Users, Government Agencies (as required by law) | No |
Commercial Information | Payment Processors, Security Companies, Analytics Companies, Other Merchants, Sourcer Users, Government Agencies (as required by law) | No |
Financial Data/Payment Information | Payment Processors, Security Companies, Other Merchants, Sourcer Users, Government Agencies (as required by law) | No |
Internet or Other Network or Device Activities Including Information from Cookies | Analytics Companies, Advertising Partners, Other Merchants, Government Agencies (as required by law) | Yes |
Approximate Geolocation Information | Analytics Companies, Advertising Partners, Other Merchants, Sourcer Users, Government Agencies (as required by law) | Yes |
Sensory Information | Other Merchants, Sourcer Users, Government Agencies (as required by law) | No |
5. Your Choices and Rights
You may have certain choices and rights associated with your personal information, including opting out of targeted advertising or other disclosures to third parties. Residents of certain locations may have the right to have an authorized agent submit requests on your behalf. You or your authorized agent may request that Sourcer honor these rights by contacting us as outlined in the “Contact Us” section below.
Non-Discrimination: You will not receive any discriminatory treatment by us for the exercise of your privacy rights.
Verifying Your Request: Only you, or a person that you authorize to act on your behalf, may make a request related to your personal information. In the case of access and deletion, your request must be verifiable before we can fulfill such request. Verifying your request will require you to provide sufficient information for us to reasonably verify that you are the person about whom we collected personal information or a person authorized to act on your behalf. We will only use the personal information that you have provided in a verifiable request in order to verify your request. We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority. Please note that we may charge a reasonable fee or refuse to act on a request if such request is excessive, repetitive or manifestly unfounded.
For Individuals Located in the European Economic Area (EEA), United Kingdom (UK) or Switzerland:
You have a number of rights under applicable data protection laws in relation to your personal information. Under certain circumstances, you have the right to:
- Have access to your personal information by submitting a request to us;
- Have your personal information deleted;
- Have your personal information corrected if it is wrong;
- Have the processing of your personal information restricted;
- Object to further processing of your personal information, including to object to marketing from us;
- Make a data portability request;
- Withdraw any consent you have provided to us;
- Restrict any automatic processing of your personal information; and
- Complain to the appropriate Supervisory Authority.
To exercise any of these rights, please contact us as outlined in the “Contact Us” section below.
Notice for California Residents
“Shine the Light” and “Eraser” Laws: Residents of the State of California may request a list of all third parties to which we have disclosed certain information during the preceding year for those third parties’ direct marketing purposes.
California Consumer Privacy Act (CCPA)/California Privacy Rights Act (CPRA): The CCPA, as amended by the CPRA, provides California residents and/or their authorized agents with specific rights regarding the collection and processing of their personal information.
Your Right to Know: California residents have the right to request that we disclose the following information to you about our collection and use of your personal information over the past twelve (12) months. We may ask you to provide certain information to identify yourself so that we may compare it with our records in order to verify your request. Upon verification, we will disclose to you:
- The categories of personal information we have collected about you.
- The categories of sources for the personal information we have collected about you.
- The specific pieces of personal information we have collected about you.
- Our business or commercial purpose for collecting or “selling” your personal information as defined by the CCPA.
- The categories of third parties to whom we have sold or shared your personal information, if any, and the categories of personal information that we have shared with each third-party recipient.
Your Right to Opt-Out of “Sale” or “Sharing” of Personal Information: California residents have the right to opt-out of the “sale” or “sharing” of their personal information as defined by the CCPA by contacting us using the information in the “Contact Us” section below.
Please note that we do not knowingly “sell” the personal information of any individuals under the age of 18.
Where we are “sharing” your personal information with third parties for the purposes of cross-context behavioral advertising or profiling, you may opt-out of such sharing at any time by submitting a request as directed on the homepage of our website or by contacting us using the information in the “Contact Us” section below.
Your Right to Limit Use of Sensitive Personal Information: California residents may have the right to request that businesses limit the use of any sensitive personal information to those uses which are necessary to perform the Services or for other specifically-enumerated business purposes under the CCPA, as amended by the CPRA. Please note that we do not use sensitive personal information other than as necessary to perform the Services or as specifically permitted under the CCPA.
Your Right to Delete: California residents have the right to request that we delete any of the personal information collected from you and retained by us, subject to certain exceptions. We may ask you to provide certain information to identify yourself so that we may compare it with our records in order to verify your request. Once your request is verified and we have determined that we are required to delete the requested personal information in accordance with the CCPA, we will delete, and direct our service providers to delete your personal information from their records. Your request to delete personal information that we have collected may be denied if we conclude it is necessary for us to retain such personal information under one or more of the exceptions listed in the CCPA.
Your Right to Correct: Under the CCPA, as amended by the CPRA, California residents have the right to request that we correct any inaccurate personal information we maintain about you, taking into account the nature of the personal information and the purposes for which we are processing such personal information. We will use commercially reasonable efforts to correct such inaccurate personal information about you.
Non-Discrimination: You will not receive any discriminatory treatment by us for the exercise of your privacy rights conferred by the CCPA.
Notice for Nevada Residents
Under Nevada law, certain Nevada residents may opt out of the sale of “personally identifiable information” for monetary consideration to a person for that person to license or sell such information to additional persons. “Personally identifiable information” includes first and last name, address, email address, phone number, Social Security Number, or an identifier that allows a specific person to be contacted either physically or online.
We do not engage in such activity; however, if you are a Nevada resident who has purchased or leased goods or services from us, you may submit a request to opt out of any potential future sales under Nevada law by emailing privacyrequests@sourcer.com. Please note we will take reasonable steps to verify your identity and the authenticity of the request. Once verified, we will maintain your request in the event our practices change.
Notice for Residents of Certain Other States
The laws of your state of residence (“Applicable State Law”) may provide you with certain rights, including the following:
Your Right to Confirm and Access: You have the right to confirm whether we are processing personal information about you and access the personal information we process about you.
Your Right to Portability: You have the right to obtain a copy of the personal information we maintain and process about you in a portable and, to the extent technically feasible, readily-usable format.
Your Right to Delete: You have the right to request that we delete the personal information we maintain or process about you.
Your Right to Correct: You have the right to request that we correct inaccuracies in the personal information we maintain or process about you, taking into consideration the nature and purpose of such processing.
Your Rights to Opt-Out: You have the right to opt-out of certain types of processing of personal information, including:
- Opt-Out of the “sale” of personal information as defined by Applicable State Law;
- Opt-Out of targeted advertising by us;
- Opt-Out of automated profiling for the purposes of making decisions that produce legal or similarly significant effects.
Please note, as explained above, we do not “sell” personal information as that word is traditionally defined. However, we do share personal information with third parties to provide you with personalized advertising from us and to better understand how you interact with our Services. Through the use of cookies, we may also make available certain personal information to third parties for targeted advertising.
Appeals Process and Other Concerns
Certain information may be exempt from the rights described above under applicable law. If we deny your request in whole or in part, you may have the right to appeal the decision. In such circumstances, we will provide you with information regarding the appeals process. Depending on your location, you may also email legalnotices@sourcer.com with the subject “Data Privacy Request Appeal” to provide us with details about why you are appealing the decision.
If you have an unresolved privacy or data use concern that we have not addressed to your satisfaction, please contact our U.S.-based third-party dispute resolution provider free at https://feedback-form.truste.com/watchdog/request.
6. Security
We take a number of steps to protect your data, but no security is guaranteed.
Sourcer takes reasonable steps to help protect and secure the information it collects and stores about Sourcer Users. We maintain reasonable administrative, technical, and physical safeguards designed to protect personal information that we receive against accidental, unlawful, or unauthorized destruction, loss, alteration, access, disclosure or use.
7. Cross-Border Data Transfers
Because we are a U.S. company, we process and store your information in the United States and our service providers may process and store it elsewhere.
Sourcer may transfer your personal information to a third party that is located in a jurisdiction other than the one from which we collected your personal information, including to countries that have not been deemed to have an adequate level of protection for the rights and freedoms of data subjects. If we do transfer your personal information to another jurisdiction, we will do so following due diligence and provided that the data recipient is subject to contractual agreements imposing obligations on it to ensure appropriate technical and organizational are implemented and maintained at all times to prevent the unauthorized and unlawful processing of personal information, and the accidental loss or destruction of, or damage to, personal information, consistent with our obligations under applicable data protection laws.
We will use appropriate legal transfer mechanisms, including Standard Contractual Clauses, where required by law.In addition, Sourcer is self-certified under the EU-U.S. and Swiss-U.S. Data Privacy Framework, as described below. Personal information from EU and Swiss residents will be treated in accordance with the Data Privacy Framework Principles. To exercise any legal right to see copies of the data transfer mechanism documents that Sourcer uses to transfer data to third parties, please contact us.
Data Privacy Framework Notice
Sourcer, Inc. has certified that its U.S. operations adhere to the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks (“Privacy Shield”) with respect to the personal Information that they receive in reliance on the Privacy Shield. In July 2023, all members of the Privacy Shield, including Sourcer, automatically became members of the Data Privacy Framework (“DPF”). Our DPF certification is available at https://www.dataprivacyframework.gov/s/participant-search. To learn more about the DPF program, please visit https://www.dataprivacyframework.gov/s/.
When Sourcer or one of its affiliates receives Personal Information under the DPF and then transfers it to a third party service provider acting as an agent on their behalf, Sourcer or its affiliate may have certain responsibility under the DPF if both (i) the agent processes the information in a manner inconsistent with the DPF and (ii) Sourcer or its affiliate is responsible for the event giving rise to the damage.
Covered European residents should contact Sourcer at the contact information below regarding Sourcer’s or its affiliates’ compliance with the DPF. Sourcer will attempt to answer your questions and satisfy your concerns in a timely and complete manner as soon as possible. If, after discussing the matter with Sourcer, your issue or complaint is not resolved, Sourcer and the above-named affiliates have agreed to participate in the DPF independent dispute resolution mechanisms listed below, free of charge to you. PLEASE CONTACT SOURCER FIRST.
For other Personal Information Sourcer or its affiliates receive under the DPF, Sourcer and its affiliates have committed to refer unresolved privacy complaints under the EU-U.S. and Swiss-U.S. Data Privacy Framework Principles to an independent dispute resolution mechanism, JAMS Data Privacy Framework Dispute Resolution, operated by JAMS. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://www.jamsadr.com/dpf-dispute-resolution for more information and to file a complaint.
If your complaint still is not resolved through these channels, under limited circumstances, an additional binding arbitration option may be available before a DPF panel, as described at https://www.dataprivacyframework.gov/s/. Every individual also has a right to lodge a complaint with the relevant supervisory authority.
8. Links to Other Sites
Our Service contains links to other websites. If you choose to click on a third-party link, you will be directed to that third party’s website. The fact that we link to a website is not an endorsement, authorization or representation of our affiliation with that third party, nor is it an endorsement of their privacy or information security policies or practices. We do not exercise control over third party websites. These other websites may place their own cookies or other files on your computer, collect data or solicit Personal Information from you. We encourage you to read the privacy policies or statements of the other websites you visit.
9. Changes to This Policy
We may change this Privacy Policy. If we make substantial changes, we will provide notice.
This Privacy Policy is effective as of the date stated at the top of this page. Sourcer may update this Privacy Policy at any time and any changes will be effective upon posting. By accessing or using the Service after we notify you of such changes to this Privacy Policy, you are deemed to have accepted such changes. Please refer back to this Privacy Policy on a regular basis.
10. Contact Us
To request that Sourcer honor any of the rights described in this Policy contact us as outlined below.
If you have any questions about this Privacy Policy, please contact us at legalnotices@sourcer.com, or by mail addressed to Sourcer, Attn: Legal, 1111B S Governors Ave, Ste 20165, Dover, DE 19904, USA. You may also contact us by phone at 415-574-0205.
Global Data Processing Agreement
EFFECTIVE APRIL 22, 2024
The Client agreeing to these terms (“Customer”), and Sourcer, Inc. or any other entity that directly or indirectly controls, is controlled by, or is under common control with Sourcer, Inc. (as applicable, “Sourcer”) (each, a “party” and collectively, the “parties”), have entered into an agreement under which Sourcer has agreed to provide a marketplace where Clients and Suppliers can identify each other and advertise, buy, and sell Supplier Services online, with such other services, if any, described in the agreement (the “Service”) to Customer (as amended from time to time, the “Agreement”). Unless otherwise agreed to in writing by you and Sourcer, to the extent Sourcer processes any EU personal data for you as a controller (as defined by the General Data Protection Regulation (EU) 2016/679) in your role as a Customer as defined in this Global Data Processing Agreement (the “DPA”), this DPA applies. This DPA, including its appendices, supplements the Agreement. To the extent of any conflict or inconsistency between this DPA and the remaining terms of the Agreement, this DPA will govern.
1. Introduction
This DPA reflects the parties’ agreement with respect to the processing and security of Customer Data under the Agreement.
2. Definitions
2.1 The terms “personal data”, “data subject”, “processing”, “controller”, “processor” and “supervisory authority” have the meanings given in the GDPR, and the terms “data importer” and “data exporter” have the meanings given in the Standard Contractual Clauses, in each case irrespective of whether the European Data Protection Legislation or Non-European Data Protection Legislation applies.
2.2 Unless stated otherwise:
- “Affiliate” means any entity that controls or is under common control with a specified entity.
- “Agreed Liability Cap” means the maximum monetary or payment-based amount at which a party’s liability is capped under the Agreement.
- “Confidential Information” means any information or materials (regardless of form or manner of disclosure) that are disclosed by or on behalf of one party to the other party that (i) are marked or communicated as being confidential at or within a reasonable time following such disclosure; or (ii) should be reasonably known to be confidential due to their nature or the circumstances of their disclosure. The term “Confidential Information” does not include any information or materials that: (a) are or become generally known or available to the public through no breach of this Agreement or other wrongful act or omission by the receiving party; (b) were already known by the receiving party without any restriction; (c) are acquired by the receiving party without restriction from a third party who has the right to make such disclosure; or (d) are independently developed by or on behalf of the receiving party without reference to any Confidential Information.
- “Customer Account Data” means personal data that relates to Customer’s relationship with Sourcer, including the names and/or contact information of individuals authorized by Customer to access Customer’s Sourcer account and billing information of individuals that Customer has associated with its Sourcer account.
- “Customer Personal Data” means the personal data contained within the Customer Data.
- “Customer Data” means the data entered into the Service by or on behalf of any End User, but excludes Customer Account Data.
- “End User” means an authorized user of the Service under Customer’s account.
- “Data Incident” means a breach of Sourcer’s security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Customer Data on systems managed by or otherwise controlled by Sourcer. “Data Incidents” will not include unsuccessful attempts or activities that do not compromise the security of Customer Data, including unsuccessful log-in attempts, pings, port scans, denial of service attacks, and other network attacks on firewalls or networked systems.
- “EEA” means the European Economic Area, Switzerland, and/or the United Kingdom.
- “European Data Protection Legislation” means, as applicable: (a) the GDPR and its respective national implementing legislations; and/or (b) the GDPR as it forms part of the law of England and Wales, Scotland and Northern Ireland by virtue of section 3 of the European Union (Withdrawal) Act 2018 (the “UK GDPR”).
- “GDPR” means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.
- “EU SCCs” means the EU Standard Contractual Clauses approved by the European Commission in decision 2021/914 located at https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj.
- “Non-European Data Protection Legislation” means, as applicable, the data protection or privacy laws, regulations, and other legal requirements other than the European Data Protection Legislation.
- “Notification Email Address” means the contact email address that you provided to Sourcer for the purpose of receiving notices from Sourcer.
- “Security Measures” has the meaning given in Section 7.1.1 (Sourcer’s Security Measures).
- “Subprocessors” means third parties authorized under this DPA to have logical access to and process Customer Data in order to provide parts of the Service. For clarity, freelancers that clients engage via Sourcer are not Subprocessors under this DPA.
- “Term” means the period from the DPA’s effective date until the end of Sourcer’s provision of the Service, including, if applicable, any period during which provision of the Service may be suspended and any post- termination period during which Sourcer may continue providing the Service for transitional purposes.
- “United Kingdom International Data Transfer Agreement or Addendum” (“UK IDTA”) means either, as applicable, (a) the International Data Transfer Agreement when used under the UK GDPR, or (b) the International Data Transfer Addendum to the EU SCCs issued by the Commissioner under s119A(1) of the Data Protection Act 2018, version A1.0, in force from March 21, 2022.
3. Duration of this DPA
This DPA will remain in effect until, and automatically expire upon, deletion of all Customer Data by Sourcer as described in this DPA.
4. Data Protection Legislation
4.1 Application of European Legislation. The parties acknowledge that the European Data Protection Legislation will apply to the processing of Customer Personal Data to the extent provided under the European Data Protection Legislation.
4.2 Application of Non-European Legislation. The parties acknowledge that Non-European Data Protection Legislation may also apply to the processing of Customer Personal Data.
5. Processing of Data
5.1 Roles and Regulatory Compliance; Authorization.
5.1.1 Processor and Controller Responsibilities. If the European Data Protection Legislation applies to the processing of Customer Personal Data, the parties acknowledge and agree that:
- 5.1.1.1 Customer is a controller (or processor, as applicable), of the Customer Personal Data under European Data Protection Legislation;
- 5.1.1.2 Sourcer is a processor (or subprocessor, as applicable) of the Customer Personal Data under the European Data Protection Legislation; and
- 5.1.1.3 each party will comply with the obligations applicable to it under the European Data Protection Legislation with respect to the processing of that Customer Personal Data.
5.1.2 Responsibilities under Non-European Legislation. If Non-European Data Protection Legislation applies to either party’s processing of Customer Personal Data, the parties acknowledge and agree that the relevant party will comply with any obligations applicable to it under that legislation with respect to the processing of that Customer Personal Data.
5.1.3 Authorization by Third Party Controller. If Customer is a processor, Customer warrants to Sourcer that Customer’s instructions (defined below) and actions with respect to that Customer Personal Data, including its appointment of Sourcer as another processor, have been authorized by the relevant controller to the extent required by applicable law.
5.2 Scope of Processing.
5.2.1 The subject matter and details of the processing are described in Appendix 1.
5.2.2 Customer’s Instructions. By entering into this DPA, Customer instructs Sourcer to process Customer Personal Data only in accordance with applicable law: (a) to provide the Service; (b) as further specified through Customer’s use of the Service; (c) as documented in the Agreement, including this DPA; and (d) as further documented in any other written instructions given by Customer and acknowledged by Sourcer as constituting instructions for purposes of this DPA (each and collectively, “Customer’s Instructions”) and only for the foregoing purposes and not for the benefit of any other third party. Sourcer may condition the acknowledgement described in (d) on the payment of additional fees or the acceptance of additional terms.
5.2.3 Sourcer’s Compliance with Instructions. With respect to Customer Personal Data subject to European Data Protection Legislation, Sourcer will comply with the instructions described in Section 5.2.2 (Customer’s Instructions) (including with regard to data transfers) unless EU or EU Member State law to which Sourcer is subject requires other processing of Customer Personal Data by Sourcer, in which case Sourcer will inform Customer (unless that law prohibits Sourcer from doing so on important grounds of public interest) via the Notification Email Address.
6. Data Deletion
6.1 Deletion by Customer. Sourcer will enable Customer to delete Customer Data during the Term in a manner consistent with the functionality of the Service. If Customer uses the Service to delete any Customer Data during the Term and that Customer Data cannot be recovered by Customer, this use will constitute an instruction to Sourcer to delete the relevant Customer Data from Sourcer’s systems in accordance with applicable law. Sourcer will comply with this instruction as soon as reasonably practicable, unless applicable law requires storage. Nothing herein requires Sourcer to delete Customer Data from files created for security, backup, and business continuity purposes sooner than required by Sourcer’s existing data retention processes.
6.2 Deletion on Termination. On expiry of the Term, Customer instructs Sourcer to delete all Customer Data (including existing copies) from Sourcer’s systems in accordance with applicable law. Sourcer will comply with this instruction as soon as reasonably practicable, unless applicable law requires storage. Without prejudice to Section 9.1 (Access; Rectification; Restricted Processing; Portability), Customer acknowledges and agrees that Customer will be responsible for exporting, before the Term expires, any Customer Data it wishes to retain afterwards. If the EU or the UK SCCs are applicable to Sourcer’s processing of Customer Personal Data, the parties agree that the certification of deletion referenced in Clauses 8.5 and 16(d) of the EU and the UK SCCs shall be provided only upon Customer’s written request. Nothing herein requires Sourcer to delete Customer Data from files created for security, backup, and business continuity purposes sooner than required by Sourcer’s existing data retention processes.
7. Data Security
7.1 Sourcer’s Security Measures, Controls and Assistance.
7.1.1 Sourcer’s Security Measures. Sourcer will implement and maintain technical and organizational measures designed to protect Customer Data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access as described in Appendix 2 (the “Security Measures”). As described in Appendix 2, the Security Measures include measures to encrypt personal data; to help ensure ongoing confidentiality, integrity, availability and resilience of Sourcer’s systems and services; to help restore timely access to personal data following an incident; and for regular testing of effectiveness. Sourcer may update or modify the Security Measures from time to time provided that such updates and modifications do not degrade the overall security of the Service.
7.1.2 Security Compliance by Sourcer Staff. Sourcer will take appropriate steps to ensure compliance with the Security Measures by its staff to the extent applicable to their scope of performance, including ensuring that all such persons it authorizes to process Customer Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.
7.1.3 Sourcer’s Security Assistance. Customer agrees that Sourcer will (taking into account the nature of the processing of Customer Personal Data and the information available to Sourcer) assist Customer in ensuring compliance with any of Customer’s obligations in respect of security of personal data and personal data breaches, including if applicable Customer’s obligations pursuant to Articles 32 to 34 (inclusive) of the GDPR, by:
- 7.1.3.1 implementing and maintaining the Security Measures in accordance with Section 7.1.1 (Sourcer’s Security Measures);
- 7.1.3.2 complying with the terms of Section 7.2 (Data Incidents); and
- 7.1.3.2 providing Customer with the information contained in the Agreement including this DPA.
7.2 Data Incidents.
7.2.1 Incident Notification. If Sourcer becomes aware of a Data Incident, Sourcer will: (a) notify Customer of the Data Incident promptly and without undue delay after becoming aware of the Data Incident; and (b) promptly take reasonable steps to minimize harm and secure Customer Data.
7.2.2 Details of Data Incident. Notifications made pursuant to this section will describe, to the extent practicable, details of the Data Incident, including steps taken to mitigate the potential risks and any steps Sourcer recommends Customer take to address the Data Incident.
7.2.3 Delivery of Notification. Notification(s) of any Data Incident(s) will be delivered to the Notification Email Address or, at Sourcer’s discretion, by direct communication (for example, by phone call or an in-person meeting). Customer is solely responsible for ensuring that the Notification Email Address is current and valid.
7.2.4 No Assessment of Customer Data by Sourcer. Sourcer will not assess the contents of Customer Data in order to identify information subject to any specific legal requirements. Customer is solely responsible for complying with legal requirements for incident notification applicable to Customer and fulfilling any third party notification obligations related to any Data Incident(s).
7.2.5 No Acknowledgement of Fault by Sourcer. Sourcer’s notification of or response to a Data Incident under this Section 7.2 (Data Incidents) is not an acknowledgement by Sourcer of any fault or liability with respect to the Data Incident.
7.3 Customer’s Security Responsibilities and Assessment.
7.3.1 Customer’s Security Responsibilities. Customer agrees that, without prejudice to Sourcer’s obligations under Section 7.1 (Sourcer’s Security Measures, Controls and Assistance) and Section 7.2 (Data Incidents):
- 7.3.1.1 Customer is solely responsible for its use of the Service, including:
- 7.3.1.1.1 making appropriate use of the Service to ensure a level of security appropriate to the risk in respect of the Customer Data;
- 7.3.1.1.2 securing the account authentication credentials, systems and devices Customer uses to access the Service;
- 7.3.1.1.3 backing up its Customer Data; and
- 7.3.1.2 Sourcer has no obligation to protect Customer Data that Customer elects to store or transfer outside of the Service.
7.3.2 Customer’s Security Assessment.
7.3.2.1 Customer is solely responsible for reviewing Sourcer’s security processes and evaluating for itself whether the Service, the Security Measures, and Sourcer’s commitments under this Section 7 (Data Security) will meet Customer’s needs, including with respect to any security obligations of Customer under the European Data Protection Legislation or Non-European Data Protection Legislation, as applicable.
7.3.2.2 Customer acknowledges and agrees that (taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of the processing of Customer Personal Data as well as the risks to individuals) the Security Measures implemented and maintained by Sourcer as set out in Section 7.1.1 (Sourcer’s Security Measures) provide a level of security appropriate to the risk in respect of the Customer Data.
7.4 Reviews and Audits of Compliance.
7.4.1 Customer’s Audit Rights.
- 7.4.1.1 If the European Data Protection Legislation applies to the processing of Customer Personal Data, Sourcer will allow Customer or an independent auditor appointed by Customer to conduct audits (including inspections) to verify Sourcer’s compliance with its obligations under this DPA in accordance with Section 7.4.2 (Additional Business Terms for Reviews and Audits). Sourcer will contribute to such audits as described in this Section 7.4 (Reviews and Audits of Compliance).
- 7.4.1.2 If the Standard Contractual Clauses as described in Section 10 (International Data Transfers) are applicable to Sourcer’s processing of Customer Personal Data, without prejudice to any audit rights of a supervisory authority under such Standard Contract Clauses, the parties agree that Customer or an independent auditor appointed by Customer may conduct audits as described in Clauses 8.9(c) and (d) of the EU and the UK SCCs in accordance with Section 7.4.2 (Additional Business Terms for Reviews and Audits).
7.4.2 Additional Business Terms for Reviews and Audits.
- 7.4.2.1 If the European Data Protection Legislation applies to the processing of Customer Personal Data, Customer may exercise its right to audit Sourcer under Sections 7.4.1(a) or 7.4.1(b): (1) where there has been a Data Incident within the previous six (6) months or there is reasonable suspicion of a Data Incident within the previous six (6) months or (2) where Customer will pay all reasonable costs and expenses incurred by Sourcer in making itself available for an audit. Any third party who will be involved with or have access to the audit information must be mutually agreed to by Customer and Sourcer and must execute a written confidentiality agreement acceptable to Sourcer before conducting the audit.
- 7.4.2.2 To request an audit under Section 7.4.1(a) or 7.4.1(b), Customer must submit a detailed audit plan to Sourcer’s Privacy Contact as described in Section 12 (Privacy Contact; Processing Records) at least thirty (30) days in advance of the proposed audit date, describing the proposed scope, duration, and start time of the audit. The scope may not exceed a review of Sourcer’s compliance with the Standard Contractual Clauses or its compliance with the European Data Protection Legislation, in each case with respect to the Customer Data. The audit must be conducted during regular business hours at the applicable facility, subject to Sourcer policies, and may not interfere with Sourcer business activities.
- 7.4.2.3 Following receipt by Sourcer of a request for an audit under Section 7.4.1(a) or 7.4.1(b), Sourcer and Customer will discuss and agree in advance on: (i) the reasonable date(s) of and security and confidentiality controls applicable to any review of documentation; and (ii) the reasonable start date, scope and duration of and security and confidentiality controls applicable to any audit under Section 7.4.1(a) or 7.4.1(b).
- 7.4.2.4 Customer will be responsible for any fees it incurs, including any fees charged by any auditor appointed by Customer to execute any such audit.
- 7.4.2.5 Customer will provide Sourcer any audit reports generated in connection with any audit under this section, unless prohibited by law. Customer may use the audit reports only to meet its regulatory audit requirements and to confirm compliance with the requirements of the Standard Contractual Clauses or European Data Protection Legislation. The audit reports, and all information and records observed or otherwise collected in the course of the audit, are Confidential Information of Sourcer under the terms of the Agreement.
- 7.4.2.6 Sourcer may object in writing to an auditor appointed by Customer if the auditor is, in Sourcer’s reasonable opinion, not suitably qualified or independent, a competitor of Sourcer, or otherwise unsuitable. Any such objection by Sourcer will require Customer to appoint another auditor or conduct the audit itself.
- 7.4.2.7 Nothing in this DPA will require Sourcer either to disclose to Customer or its auditor, or to allow Customer or its auditor to access:
- 7.4.2.7.1 any data of any other customer of Sourcer;
- 7.4.2.7.2 Sourcer’s internal accounting or financial information;
- 7.4.2.7.3 any trade secret of Sourcer;
- 7.4.2.7.4 any information that, in Sourcer’s reasonable opinion, could: (A) compromise the security of Sourcer systems or premises; or (B) cause Sourcer to breach its obligations under applicable law or its security and/or privacy obligations to Customer or any third party; or
- 7.4.2.7.5 any information that Customer or its third party auditor seeks to access for any reason other than the good faith fulfillment of Customer’s obligations under the Standard Contractual Clauses or European Data Protection Legislation.
7.4.3 No Modification of Standard Contractual Clauses. Nothing in this Section 7.4 (Reviews and Audits of Compliance) varies or modifies any rights or obligations of Customer or Sourcer under any Standard Contractual Clauses entered into as described in Section 10 (International Data Transfers).
8. Impact Assessments and Consultations
Customer agrees that Sourcer will (taking into account the nature of the processing and the information available to Sourcer) assist Customer in ensuring compliance with any obligations of Customer in respect of data protection impact assessments and prior consultation, including if applicable Customer’s obligations pursuant to Articles 35 and 36 of the GDPR, by providing the information contained in the Agreement including this DPA.
9. Data Subject Rights; Data Export
9.1 Access; Rectification; Restricted Processing; Portability. During the Term, Sourcer will, in a manner consistent with the functionality of the Service, enable Customer to access, rectify and restrict processing of Customer Data, including via the deletion functionality provided by Sourcer as described in Section 6.1 (Deletion by Customer), and to export Customer Data.
9.2 Data Subject Requests.
9.2.1 Customer’s Responsibility for Requests. During the Term, if Sourcer receives any request from a data subject under European Data Protection Legislation in relation to Customer Personal Data, Sourcer will advise the data subject to submit their request to Customer, and Customer will be responsible for responding to any such request including, where necessary, by using the functionality of the Service.
9.2.2 Sourcer’s Data Subject Request Assistance. Customer agrees that Sourcer will (taking into account the nature of the processing of Customer Personal Data) reasonably assist Customer in fulfilling an obligation to respond to requests by data subjects described in Section 9.2.1 (Customer’s Responsibility for Requests), including, if applicable, Customer’s obligation to respond to requests for exercising the data subject’s rights laid down in Chapter III of the GDPR, by complying with the commitments set out in Section 9.1 (Access; Rectification; Restricted Processing; Portability) and Section 9.2.1 (Customer’s Responsibility for Requests).
10. International Data Transfers
10.1 Data Storage and Processing Facilities. Sourcer may, subject to this Section 10 (International Data Transfers), store and process the relevant Customer Data anywhere Sourcer or its Subprocessors maintain facilities.
10.2 Data Transfers under the EU SCCs. The EU SCCs are incorporated into this DPA and apply where the application of the EU SCCs, as between the parties, is required under applicable European Data Protection Legislation for the transfer of personal data. The EU SCCs shall be deemed completed as follows:
- 10.2.1 Where Customer acts as a controller and Sourcer acts as Customer’s processor with respect to Customer Personal Data subject to the EU SCCs, Module 2 applies.
- 10.2.2. Where Customer acts as a processor and Sourcer acts as Customer’s Subprocessor with respect to Customer Personal Data subject to the EU SCCs, Module 3 applies.
- 10.2.3 Clause 7 (the optional docking clause) is not included.
- 10.2.4 Under Clause 9 (Use of sub-processors), the parties select Option 2 (General written authorization).
- 10.2.5 Under Clause 11 (Redress), the optional language will not apply.
- 10.2.6 Under Clause 17 (Governing law), the parties choose Option 1 and select the law of Ireland.
- 10.2.7 Under Clause 18 (Choice of forum and jurisdiction), the parties select the courts of Ireland.
- 10.2.8 Annexes I, II, and III of the EU SCCs are set forth in Appendix 1 below.
10.3 Data Transfers under the IDTA. When used as an addendum to the EU SCCs and the UK IDTA is otherwise required under applicable European Data Protection Law for the transfer of Customer Personal Data, the UK IDTA addendum shall incorporate the selections above and be deemed further completed as follows:
- 10.3.1 Table 1: the parties’ details shall be the parties and their affiliates to the extent any of them is involved in such transfer, including those set forth in Appendix 1, and the Key Contact shall be the contacts set forth in Appendix 1.
- 10.3.2 Table 2: The referenced Approved EU SCCs shall be the EU SCCs incorporated into this DPA.
- 10.3.3 Table 3: Annex 1A, 1B, and II shall be set forth in Appendix 1.
- 10.3.4 Table 4: Either party may end the EU SCCs as set out in Section 19 of the EU SCCs.
10.4 Data Transfers from Switzerland. Where the EU SCCs are required under Swiss data protection law applicable to the transfer of Customer Personal Data, the following additional provisions will apply:
- 10.4.1 References to the GDPR in the EU SCCs are to be understood as references to the Swiss Federal Act on Data Protection (“FADP”) insofar as the data transfers are subject exclusively to the FADP and not to the GDPR.
- 10.4.2 The term “member state” in the EU SCCs shall not be interpreted in such a way as to exclude data subjects in Switzerland from the possibility of suing for their rights in their place of habitual residence (Switzerland) in accordance with Clause 18(c) of the EU SCCs.
- 10.4.3 References to personal data in the EU SCCs also refer to data about identifiable legal entities until the entry into force of revisions to the FADP that eliminate this broader scope.
- 10.4.4 Under Annex I(C) of the EU SCCs: where the transfer is subject exclusively to the FADP and not the GDPR, the supervisory authority is the Swiss Federal Data Protection and Information Commissioner, and where the transfer is subject to both the FADP and the GDPR, the supervisory authority is the Swiss Federal Data Protection and Information Commissioner insofar as the transfer is governed by the FADP, and the supervisory authority is as set forth in the EU SCCs insofar as the transfer is governed by the GDPR.
11. Subprocessors
11.1 Consent to Subprocessor Engagement. Customer specifically authorizes the engagement of Sourcer’s Affiliates as Subprocessors. In addition, Customer generally authorizes the engagement of any other third parties as Subprocessors (“Third Party Subprocessors”). If the Standard Contractual Clauses as described in Section 10 (International Data Transfers) are applicable to Sourcer’s processing of Customer Personal Data, the above authorizations will constitute Customer’s prior written consent to the subcontracting by Sourcer of the processing of Customer Personal Data if such consent is required under the Standard Contractual Clauses.
11.2 Information about Subprocessors.
11.2.1 Information about Subprocessors is available upon request by emailing privacyrequests@sourcer.com (as may be updated by Sourcer from time to time in accordance with this DPA). Subprocessor information will be provided only upon request and is the Confidential Information of Sourcer under this Agreement and must be treated with the level of confidentiality afforded to Confidential Information hereunder.
11.3 Requirements for Subprocessor Engagement. When engaging any Subprocessor, Sourcer will:
a. ensure via a written contract that:
- i. subcontracted to it, and does so in accordance with the Agreement (including this DPA) and any Standard Contractual Clauses entered into or Alternative Transfer Solution adopted by Sourcer as described in Section 10 (International Data Transfers); and
- ii. if the GDPR applies to the processing of Customer Personal Data, the data protection obligations set out in Article 28(3) of the GDPR, as described in this DPA, are imposed on the Subprocessor; and
b. remain liable for all obligations subcontracted to, and all related acts and omissions of, the Subprocessor.
11.4 Opportunity to Object to Subprocessor Changes.
11.4.1 Sourcer may add or remove Subprocessors from time to time. Sourcer will inform Customer of new Subprocessors via a subscription mechanism described in the list of Subprocessors as described above. If Customer objects to a change, it will provide Sourcer with notice of its objection to gdpr-dsar@sourcer.com including reasonable detail supporting Customer’s concerns within sixty days of receiving notice of a change from Sourcer or, if Customer has not subscribed to receive such notice, within sixty days of Sourcer publishing the change. Sourcer will then use commercially reasonable efforts to review and respond to Customer’s objection within thirty days of receipt of Customer’s objection. If Sourcer does not respond to a Customer objection as described above, or cannot reasonably accommodate Customer’s objection, Customer may terminate the Agreement by providing written notice to Sourcer. This termination right is Customer’s sole and exclusive remedy if Customer objects to any new Subprocessor.
12. Privacy Contact; Processing Records
12.1 Sourcer’s Privacy Contact. Privacy inquiries related to this DPA can be submitted to privacyrequests@sourcer.com (and/or via such other means as Sourcer may provide from time to time).
12.2 Sourcer’s Processing Records. Customer acknowledges that Sourcer is required under the GDPR to: (a) collect and maintain records of certain information, including the name and contact details of each processor and/or controller on behalf of which Sourcer is acting and, where applicable, of such processor’s or controller’s local representative and data protection officer; and (b) make such information available to the supervisory authorities. Accordingly, if the GDPR applies to the processing of Customer Personal Data, Customer will, where requested, provide such information to Sourcer via the Service or other means provided by Sourcer, and will use the Service or such other means to ensure that all information provided is kept accurate and up-to-date.
13. Liability
13.1 Liability Cap. For clarity, the total combined liability of either party and its Affiliates towards the other party and its Affiliates under or in connection with the Agreement (such as under the DPA or the Standard Contractual Clauses) will be limited to the Agreed Liability Cap for the relevant party, subject to Section 13.2 (Liability Cap Exclusions).
13.2 Liability Cap Exclusions. Nothing in Section 13.1 (Liability Cap) will affect the remaining terms of the Agreement relating to liability (including any specific exclusions from any limitation of liability).
14. Miscellaneous
Notwithstanding anything to the contrary in the Agreement, where Sourcer, Inc. is not a party to the Agreement, Sourcer, Inc. will be a third-party beneficiary of Section 7.4 (Reviews and Audits of Compliance), Section 11.1 (Consent to Subprocessor Engagement) and Section 13 (Liability) of this DPA.
Appendix 1:
Subject Matter and Details of the Data Processing
Subject Matter
Sourcer’s provision of the Service to Customer.
Duration of the Processing
The Term plus the period from the expiry of the Term until deletion of all Customer Data by Sourcer in accordance with the DPA.
Nature and Purpose of the Processing
Sourcer will process Customer Personal Data for the purposes of providing the Service to Customer in accordance with the DPA.
Categories of Data
Data relating to End Users or other individuals provided to Sourcer via the Service, by (or at the direction of) Customer or by End Users. The open nature of the Service does not impose a technical restriction on the categories of data Customer may provide. The personal data transferred may include: name, username, password, email address, telephone and fax number, title and other business information, general information about interest in and use of Sourcer services; and demographic information.
Data Subjects
Data subjects include End Users and the individuals about whom data is provided to Sourcer via the Service by (or at the direction of) Customer or by End Users.
Appendix 2:
Security Measures
Sourcer will implement and maintain the Security Measures set out in this Appendix 2. Sourcer may update or modify such Security Measures from time to time provided that such updates and modifications do not result in the degradation of the overall security of the Service. Sourcer will:
- Conduct information security risk assessments at least annually and whenever there is a material change in the organization’s business or technology practices that may impact the privacy, confidentiality, security, integrity or availability of Customer Personal Data.
- Regularly and periodically train personnel who have access to Customer Personal Data or relevant Sourcer Systems.
- Maintain secure user authentication protocols, secure access control methods, and firewall protection for Sourcer Systems that Process Customer Personal Data.
- Maintain policies and procedures to detect, monitor, document and respond to actual or reasonably suspected Information Security Incidents.
- Implement and maintain tools that detect, prevent, remove and remedy malicious code designed to perform an unauthorized function on or permit unauthorized access to Sourcer Systems.
- Implement and maintain up-to-date firewalls.
- Implement and use cryptographic modules to protect Customer Personal Data in transit and, when commercially reasonable, at rest.
- Maintain reasonable restrictions on physical access to Customer Personal Data and relevant Sourcer Systems.
Appendix 3:
Annex I of the EU SCCs
A. LIST OF PARTIES
Data exporter(s):
Name: Customer
Activities relevant to the data transferred under these Clauses: Obtaining the Services from Data Importer
Role (controller/processor): Controller or Processor, as applicable
Data importer(s):
Name: Sourcer, Inc.
Address: 1111B S Governors Ave, Ste 20165, Dover, DE 19904 USA
Contact person’s name, position and contact details: Privacy Counsel, legalnotices@sourcer.com
Activities relevant to the data transferred under these Clauses: Providing the Services to Data Exporter.
Role (controller/processor): Processor
В. DESCRIPTION OF TRANSFER
Categories of data subjects whose personal data is transferred
Data subjects include End Users and the individuals about whom data is provided to Sourcer via the Service by (or at the direction of) Customer or by End Users.
Categories of personal data transferred
Data relating to End Users or other individuals provided to Sourcer via the Service, by (or at the direction of) Customer or by End Users. The open nature of the Service does not impose a technical restriction on the categories of data Customer may provide. The personal data transferred may include: name, username, password, email address, telephone and fax number, title and other business information, general information about interest in and use of Sourcer services; and demographic information.
Sensitive data transferred (if applicable) and applied restrictions or safeguards that fully take into consideration the nature of the data and the risks involved, such as for instance strict purpose limitation, access restrictions (including access only for staff having followed specialized training), keeping a record of access to the data, restrictions for onward transfers or additional security measures.
None anticipated.
The frequency of the transfer (e.g. whether the data is transferred on a one-off or continuous basis).
Continuously, for the length of the Agreement between the parties.
Nature of the processing
Sourcer will process Customer Personal Data to provide the Service to Customer in accordance with the DPA.
Purpose(s) of the data transfer and further processing
Sourcer will process Customer Personal Data for the purposes of providing the Service to Customer in accordance with the DPA.
The period for which the personal data will be retained, or, if that is not possible, the criteria used to determine that period
The Term plus the period from the expiry of the Term until deletion of all Customer Data by Sourcer in accordance with the DPA.
For transfers to (sub-) processors, also specify subject matter, nature and duration of the processing
Sourcer’s subprocessors will process personal data to assist Sourcer in providing the Services pursuant to the Agreement, for as long as needed for Sourcer to provide the Services.
C. COMPETENT SUPERVISORY AUTHORITY
The Irish Data Protection Commission.
Annex II of the EU SCCs
TECHNICAL AND ORGANIZATIONAL MEASURES INCLUDING TECHNICAL AND ORGANIZATIONAL MEASURES TO ENSURE THE SECURITY OF THE DATA
See Appendix 2 to the DPA.
Privacy Center
EFFECTIVE APRIL 22, 2024
Privacy At Sourcer
Sourcer understands the importance of data privacy and takes the responsibility of handling and securing personal data seriously. We focus on incorporating data protection principles throughout our platform, program, and services that provide effective data privacy measures for Sourcer, its workforce, partners, and users.
Sourcer’s Privacy and Information Security teams have carefully analyzed applicable privacy laws and regulations and undertaken the necessary steps for our compliance with their requirements. We provide detailed information about the personal data we collect and how we use it in our agreements, in our help articles, and in our Privacy Policy.
Depending on where you are located, you may have certain rights with respect to your personal data, which you can learn about below. Regardless of where you call home, you may close your account or request the deletion of all personal information we have about you at any time.
Learn more about how Sourcer is complying with GDPR and the CCPA in our Privacy Policy.
Europe
The General Data Protection Regulation (GDPR) is a data privacy law that gives residents of the European Union (“EU”) more clarity and control over how their personal data is used. Personal data is anything that can directly or indirectly identify a person, such as a photo, name, bank details, medical information, computer IP address, and so on.
Under the GDPR, companies are required to be transparent about what types of personal data they collect and how they use it, be responsible for secure data processing practices, and provide notification to customers or data subjects when breaches occur.
The United Kingdom General Data Protection Regulation (UK GDPR) is a UK law that is largely based on the GDPR, but went into effect in 2021 as a result of the UK’s withdrawal from the EU. In conjunction with the Data Protection Act 2018, it sets out the key principles, rights and obligations for most processing of personal data in the UK.
The Digital Services Act (DSA) is a European law that aims to ensure a safe and accountable online environment that went into effect November 16, 2022. For the purposes of the DSA, Sourcer has 528 average monthly users in the EU as of January 31, 2024.
Transfer of Data
With respect to transfers that involve personal data that is within the scope of European data protection laws, Sourcer relies on standard contractual clauses as a transfer mechanism to reflect relevant compliance requirements.
We have posted a Data Processing Agreement (“DPA”), governing the relationship between the Customer (as defined in the DPA) and Sourcer with respect to personal data. Unless otherwise agreed to in writing by you and Sourcer, the DPA applies to the extent Sourcer processes any personal data for you as a controller in your role as a Customer.
United States
The data protection landscape in the U.S. is a patchwork of regulations, state laws, and other requirements that are currently in flux. Sourcer’s Legal team performs ongoing monitoring and analysis to determine their application to the personal data we handle and conform to their requirements.
“Sharing” and “Selling” Personal Information
Certain state laws provide rights for individuals to prevent the “sharing” and “sale” of their personal information. Sourcer does not sell your personal information as the term is commonly understood. But we do allow some advertising vendors to use your personal information for internet-based marketing that may be considered “selling” or “sharing” under those definitions. The only means by which Sourcer may “sell” or “share” your personal information is with our third-party marketing partners.
If you are located in a state that provides this right, you may opt out of the “sale” and “sharing” of your personal information by emailing us at privacyrequests@sourcer.com. This opt-out is specific to the browser on the device, so you will need to opt out again if you: 1) later clear your cookies, or 2) visit this site from a different browser or device.
Sensitive Personal Information
State laws have different definitions for personal information that is inherently more sensitive or would pose a greater risk of harm to the individual if mishandled. Sourcer identifies and appropriately handles the data classified as “sensitive personal information” or other elevated classification.
Some state laws allow individuals to limit the use of their sensitive personal information to purposes necessary to perform the services. Sourcer imposes this limitation upon itself inherently, and only uses the limited sensitive personal information it collects to provide, maintain, improve, and secure our services.
How Do I Submit a Data Request?
Depending on where you are located, you may have certain rights with regard to your personal data. These rights may be limited, for example, if fulfilling a request would reveal personal data about another person, or if you ask us to delete data which we are required by law to keep or have compelling legitimate interests in keeping (such as fraud prevention purposes or record retention requirements under applicable laws). In addition, we typically will not remove data you posted publicly or shared with others through or on the Service, as neither you nor Sourcer can delete all copies of data that have been previously shared with others.
If you would like to request to close your account in our system, you can do so through our platform. In addition, you can access, correct, or delete your personal data by making updates to that data through your account. You can also submit a request to us regarding your personal data by emailing privacyrequests@sourcer.com. Please note that if your data is deleted, then your account may become deactivated. If your account is deactivated or you ask to close your account, you will no longer be able to use the platform.
Additional Resources
Cookie Policy
EFFECTIVE APRIL 22, 2024
This policy describes how Sourcer uses cookies and other related technologies (collectively referred to as “cookies”) when you interact with us on https://sourcer.com (the “Site”) as set forth in the Sourcer Privacy Policy.
By visiting or using the Site, you agree that we can use the cookies described in this Cookie Policy. You can stop or update your cookie preferences by changing the settings in your browser (more information on how to do this is provided below) or adjusting the settings at the bottom of the homepage labeled “Cookie Settings”. We may modify this Agreement without notifying you, so please check back often for updates.
What Are Cookies?
Cookies are text files, containing small amounts of information, which are downloaded to your browsing device (such as a computer or smartphone) when you visit a website. Cookies can be recognized by the website that downloaded them, or by other websites that use the same cookies. First-party cookies are cookies that belong to Sourcer, or are placed on your device by Sourcer. Third-party cookies are cookies that another party places on your browsing device through our Site.
What Are Cookies Used For?
Cookies do lots of different jobs, like helping us understand how the Site is being used, letting you navigate between pages efficiently, remembering your preferences, and generally improving your browsing experience. Cookies can also help ensure marketing you see online is more relevant to you and your interests.
What Type of Cookies Does Sourcer Use?
To provide you with the best browsing experience, Sourcer uses the following types of cookies: Strictly Necessary, Performance, Functional, and Targeting Cookies. You can find out more about each cookie category in the sections below.
Strictly Necessary Cookies
These cookies are essential, as they enable you to move around the Site and use its features, such as accessing secure areas. Without these cookies, some services you have asked for such as payment submission can’t be provided. These cookies cannot be switched off in our systems, because they are necessary for Site functionality. While you can set your browser to block or alert you about these cookies, some or all parts of the Site may not function.
Performance Cookies
These cookies collect information about how you use the Site, for example which pages you go to most often and if you get error messages from certain pages. These cookies gather only aggregated or anonymous information that does not identify you.
Functionality Cookies
These cookies allow the Site to remember choices you make (such as your username or the region you’re in). For instance, the Site uses functional cookies to remember your language preference. These cookies can also be used to remember changes you’ve made to text size, font and other parts of pages that you can customize. They may also be used to provide services you’ve asked for such as watching a video or commenting on a blog. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies then some or all of these services may not function properly.
Targeting Cookies
These cookies are used to deliver advertisements that are more relevant to you and your interests. They are also used to limit the number of times you see an advertisement as well as help measure the effectiveness of an advertising campaign. They remember that you have visited a website and this information may be shared with other organizations such as advertisers. This means after you have been to the Site you may see some advertisements about our services elsewhere on the Internet.
How Long Will Cookies Stay on My Browsing Device?
The length of time a cookie will stay on your browsing device depends on whether it is a “persistent” or “session” cookie. Session cookies will only stay on your device until you stop browsing. Persistent cookies stay on your browsing device until they expire or are deleted.
How To Control And Delete Cookies Through Your Browser?
The browser you are using to view the Site can enable, disable or delete cookies. To do this, follow the instructions provided by your browser (usually located within the “Help,” “Tools” or “Edit” functions). Please note that if you set your browser to disable cookies, you may not be able to access certain parts of the Site ( e.g. to apply for a job or post a job. Other parts of the Site may also not work properly. You can find out more information about how to change your browser cookie settings at www.allaboutcookies.org.
Also, you may update your cookie preferences by clicking the “Cookie Settings” button at the bottom of the Site’s homepage.
Contacting Us
If you have any questions about this Cookie Policy, please contact us at https://sourcer.com/contact or by mail addressed to Attn: Legal, 1111B S Governors Ave, Ste 20165, Dover, DE 19904, USA.
Terms of Service
EFFECTIVE APRIL 22, 2024
The Sourcer Terms of Service is comprised of the following agreements:
Terms of Use
EFFECTIVE APRIL 22, 2024
This document explains the rules that keep our marketplace running.
We call these rules our Terms of Use. They apply to sourcer.com and all the websites and apps we own or run. (And by we, we mean Sourcer and our affiliates, which we may also refer to as us.)
These terms explain how we expect you to behave when you’re using Sourcer – whether you’re a registered user or unregistered site visitor on our site.
Please read these rules carefully: by using our site, you’re agreeing to follow them.
1. About licenses and third party content
Here we’ve included the conditions for using our site, which we do our best to keep running smoothly (1.1). That means we have the right to stop people from using our site and services if needed (1.2).
You can’t use our intellectual property (1.3), but you can post your own content to Sourcer. You’re responsible for this content (1.4), and equally, we’re not responsible for content you come across from other users (1.5). If you think someone is using something you’ve copyrighted, just let us know (1.6).
1.1 We let you use our site and services
Technically, we’re giving you a ‘limited license’ to the site. Here’s what that means.
We’re happy for you to access our website and services (known as the services). You’re free to have this access (or limited license) as long as you follow these terms of use and all of our other Terms of Service as they apply to you.
We’ll do our best to make sure our services are safe and working as they should, but we can’t guarantee you’ll have access continuously. In fact, we might even stop providing certain features or the services completely, and don’t have to give notice if we do.
1.2 We can stop letting you use our services
We can take away your right to use our services at any time.
If you violate our Terms of Use or other parts of our Terms of Service, we can take away your access to Sourcer. Officially, this is called terminating your license, and if it happens, we’ll tell you and you must stop using our services immediately.
1.3 We keep the rights to our intellectual property
Using our services doesn’t mean you can use any of our trademarks or other intellectual property, like copyrights and patents. We keep all of our rights to our intellectual property, even though we let you use our services.
Our logos and names are our trademarks and registered in certain jurisdictions. Any other product or company names, logos or similar marks and symbols you see on Sourcer may be trademarked by our partners or other users like you.
1.4 You can use Sourcer to share your content with the world
1.4.1 You’re responsible for what you post
You’re responsible for how you use our site and anything you post on it. If someone makes a claim against us because of anything you put on the site, you agree to compensate us for our legal fees and expenses (the lawyers call this, ‘indemnification’).
When you post content on (or through) our site or give us content for posting, you agree that you’re completely responsible for that content and we’re not. You also agree to only post or give us content that:
- you have the right to post
- is legal
- doesn’t violate anyone’s rights, including intellectual property rights.
You acknowledge and agree that whoever posts content is responsible for any harm caused to anyone by that content – not Sourcer – and that you’ll compensate and defend us, our partners, employees and representatives against any costs or legal or government action we have because of your content.
1.4.2 Other people have some rights to what you post
By posting content on the site, you give other people some rights to that content.
Whenever you post content on our site, you give us and our affiliates a permanent right (called an ‘irrevocable and non-exclusive worldwide license’) to use, edit and share that content – across the world and without paying royalties. If your name, voice and image appear in content you post, we also might use those on the site or in our day-to-day business. For example, if you’re a supplier, we might share your profile with clients we think could be a good match.
You also give each user and site visitor the right to access and use your content through the site. They also have the right to use, copy and share your content – as long as they do it through the site, and follow both our Terms of Service and the law.
We might show ads near your content and information, without compensating you. Depending on choices you make in your profile, we might also include your name or photo when promoting one of our features.
1.4.3 We’re open to your ideas
We’d love to hear your thoughts on improving Sourcer. Here’s what happens when you share them.
You can send us comments and suggestions about our services and ways to improve them. If you do, you’re agreeing your ideas are free and unsolicited, and you don’t expect or ask anything in return, unless we’ve specifically asked you for your ideas and offered something in return (we like to keep our word).
You agree we’re free to use, change and share the idea as we like, without being obligated to to give you anything for it. And if you do send us an idea, you also agree that this doesn’t affect our right to use similar or related ideas – including those we already have or get from others.
1.5 Third parties post on Sourcer, too
Anyone else who uses our site is responsible for what they post or link on Sourcer.
We’re not responsible for the accuracy or reliability of any content shared by other people on our site, unless they’re officially working for us when they share or post the content. Any content represents the views of the person sharing it, not Sourcer.
Our site might also contain links or other access to third-party websites and applications. These sites and applications are owned and run by other parties, not Sourcer. If we use a link or application that goes to a third-party website, it doesn’t mean that we endorse it and you agree that you use it without our endorsement.
1.6 You can make a copyright complaint
If you think content on our site infringes your rights, you can ask to have it removed.
We’re committed to following U.S. copyright and related laws and need site visitors and users to follow them as well. That means you can’t use our site to store or share anything that infringes anyone’s intellectual property rights, including their rights under U.S. copyright law.
If you own copyrighted work and think your rights under U.S. copyright law have been infringed by anything on our site, the Digital Millennium Copyright Act means you can ask us to take it down. To start the process, please contact us at: legalnotices@sourcer.com.
2. What you’re allowed to do on Sourcer
You can only use our services for work and to learn from the information we share.
Our site and services were made to be used for business, not for personal or consumer use. We run our marketplace to help companies find each other, build working relationships, and make and receive payments for that work.
You can also use some of our services to get information we think might be interesting and useful for our site visitors and users – like our Sourcer blog. While we do our best to make sure that this information is timely and accurate, there might sometimes be mistakes. We don’t make any guarantees about information posted on our site, so never use it as tax or legal advice. And you should always double-check the information for yourself.
3. What you’re not allowed to do on Sourcer
Certain uses of the site are not allowed. Here we go into much more depth about those things, including:
- posting unacceptable content (3.1)
- acting in a misleading or fraudulent way (3.2)
- treating others unfairly (3.3)
- abusing our feedback system (3.4)
- other uses that aren’t allowed (3.5)
In short, you’re not allowed to use our services to do (or encourage others to do) anything that is illegal, fraudulent or harmful. If you don’t see something on one of the lists below, you shouldn’t assume it’s allowed. When in doubt, contact us to check.
3.1 Posting unacceptable content
You can’t offer, share, support or try to find anything that:
- is illegal or defamatory
- is violent, discriminatory or harassing, either generally or towards a specific person or group (or encourages others to be), including anyone who is part of a legally protected group
- is sexually explicit or related to sex work or escort services
- is in any way related to child exploitation
- would infringe on any intellectual property rights, including copyrights
- would violate our Terms of Service, another website’s terms of service, or any similar contract
- would go against professional or academic standards or policies – including improperly submitting someone else’s work as your own, or by ghost-writing essays, tests, or certifications
- involves purchasing or requesting a fake review or is connected in any way to making or sharing misleading content which is intended to deceive others.
3.2 Acting in a misleading or fraudulent way
On Sourcer, you can’t do anything that’s dishonest or meant to fool others.
You can’t misrepresent your company, your resources’ experience, skills or professional qualifications, or that of others. This includes:
- lying about your resources’ experience, skills or professional qualifications
- using generative AI or other tools to substantially bolster inquiries from clients or work product if such use is restricted by your client or violates any third-party’s rights
- passing off any part of another company’s profile or identity as your own
- impersonating or falsely attributing statements to any person or entity, including a Sourcer representative
- falsely claiming or implying you’re connected to a person or organization (including Sourcer) – for example, you can’t say you work with a particular company when you don’t, and suppliers can’t use a resource’s profile if they’ve stopped working together.
Similarly, you must always be honest about who’s doing the work. That means you can’t:
- allow someone else to use your account, which misleads other users or
- falsely claim one resource will do a job when another will actually do it – including submitting a profile of the resource who can’t or won’t do the work.
We’re particularly invested in avoiding fraud and misrepresentations when it comes to payments. This means:
Suppliers can’t fraudulently charge a client in any way, including by:
- reporting or billing time the engaged resource haven’t actually worked
- reporting time worked by someone else and claiming the engaged resource did the work
- demanding payments without the intention of or without actually providing services in exchange for the payment.
Clients can’t engage in fraud related to payments, including by:
- posting requisitions with payment terms that are objectively unreasonable or disproportionate to the scope of services requested
- demanding services without the intention of or without actually providing payment in exchange for the services.
3.3 Treating others unfairly
Everyone should be treated fairly and legally on Sourcer.
You can’t use Sourcer to:
- express an unlawful preference in a requisition, inquiry or submission
- unlawfully discriminate against someone
- incite or encourage violence
- post personal identifying information or other sensitive, private data about another person
- spam other companies with inquiries or submissions. This includes posting the same requisition several times at once and contacting people you connected with on Sourcer outside of Sourcer without their permission
- make or demand bribes or payments for anything other than the work
- ask for or demand free work – you can’t ask suppliers to submit work for little or no payment as part of a proposal bid or competition
- request a fee in order to submit an inquiry or submission.
3.4 Abusing our feedback system
You must use our feedback system honestly and fairly.
That means you can’t:
- withhold payment or work until you’ve been given positive feedback
- swap payment (or anything of value) for feedback, including with third parties
- coerce another company by threatening negative feedback
- use the system to share unrelated views (like about politics or religion)
- offer or accept fake services to improve your feedback or rating score, which is called feedback building
3.5 Other uses that aren’t allowed
Sourcer relies on technology and trust – here’s how we maintain those things.
- You can’t copy, share or give away your account. You can’t have multiple accounts and you can’t sell, trade or give your account to anyone else without our permission.
- You can’t promote other organizations – including advertising any other websites, products or services. You also can’t use our site to recruit suppliers or clients to join another agency, website or company, unless you pay us a fee to do so.
- You can’t interfere with our technology or tamper with our site or services. That means you can’t:
- bypass any security features we’ve put in place to restrict how you use the site – you’re not allowed to try and get around restrictions on copying content
- interfere with or compromise our systems, server security, or transmissions
- use a robot, spider, scraper, or similar mechanisms on our site without written permission
- copy, distribute, or otherwise use any information you found on Sourcer, if whether directly or through third parties (like search engines), without our consent (no scraping allowed)
- collect or use identifiable information, including account names
- overwhelm the site with an unreasonable or large amount of information
- introduce any malware or any other code or viruses that could harm us, our customers, or our services
- access our services through any technology other than our interface
- frame or link to the services without our written permission
- use our services to build a similar service, identify or poach our users or publish any performance or benchmark analysis relating to the site
- reverse engineer, decipher, modify, or take source code from our site that is not open source without our written permission.
4. Enforcing our terms of use
If you break any of these rules, we can suspend your account and stop you from using Sourcer (4.1). If you see someone else breaking these rules, please let us know (4.2).
4.1 We enforce these rules
We have the right to look into any potential violations of these terms of use, and might decide to pause, change or take away any content on our site when we do.
We can’t guarantee that we’ll take action against every potential violation, but just because we don’t take action against one breach doesn’t waive our right to take action against any future breaches, whether they’re related to the first breach or not.
If we do suspect rule-breaking, we can stop you using our site at any time. If we disable or close your account, you won’t be able to use any of our services, but these things will stay in place:
- our rights to use and share your feedback
- our users’ and visitors’ rights to share your content (1.4.2)
- your agreement to all the rules laid out in section 3 on this page.
4.2 Tell us if you see someone breaking these rules
What to do if you become aware of a violation of our Terms of Use.
If you believe anyone is breaking any of our terms of use, please let our customer service team know.
If we follow up on the breach, you agree to help with our investigation and take reasonable steps to help us fix the problem.
5. Definitions
Here, we explain some of the terms we’ve used in our Terms of Use. Any other terms in italics should be defined when they’re mentioned, throughout the Terms of Service.
An affiliate is anyone or anything that in any way manages, is managed by, or shares management with us.
A customer is a company using our site to source talent services from a supplier.
A supplier is a company using our site to offer their services to customers.
Supplier services refer to the work supplier’s resources offer to their customers.
A means of direct contact is information that would let someone get in touch with you directly (or find the information to do that) so you can bypass our site. For example, phone numbers, email and physical addresses, social media accounts, and personal websites with contact information are means of direct contact.
Site services are all services, applications and products – apart from supplier services – that people can access through Sourcer.
Content is what users post to Sourcer themselves, like comments, profiles, feedback, images, or other information. It includes anything posted by you even if elements of the content were originally generated by generative AI or other tools, or in response to questions posed to you by Sourcer or other users or Sourcer.
Privacy Policy
EFFECTIVE APRIL 22, 2024
This Privacy Policy explains how and why Sourcer collects, uses, and shares personal information when you interact with or use our Site or Service. It also includes any information Sourcer collects offline in connection with the Service, which we may combine with information from the Site and Service. By reading this Privacy Policy, you will understand your privacy rights and choices.
When we say “Sourcer”, we mean Sourcer, Inc., and any of its affiliates. When we say “Site”, we mean sourcer.com, and when we say “Service”, we mean the Site plus any websites, features, applications, widgets, or online services owned or controlled by Sourcer and that post a link to this Privacy Policy.
As part of the Service, Sourcer provides a marketplace which results in platform information pertaining to different parties to an interaction. Users of the Service may be Customers, Suppliers, or Site Visitors (as each is defined in the Terms of Use). This Privacy Policy applies to Sourcer’s processing of personal information of Users where Sourcer determines the purposes and means of processing. It does not apply to processing of information by Users themselves, who may be controllers of the personal information they access through the Service. For information about how Users process your personal information, please contact them directly.
Accessibility: This Privacy Policy uses industry-standard technologies and was developed in connection with the World Wide Web Consortium’s Web Content Accessibility Guidelines, version 2.1. If you wish to print this policy, please do so from your web browser or by saving the page as a PDF.
1. Information Collection
a. Information You Provide to Us
When you use the Service, you may provide us with information about you. This may include your name and contact information, financial information to make or receive payment for services obtained through the Sourcer platform, or information to help us calculate sales taxes. When you use the Service, we may also collect information related to your use of the Service and aggregate this with information about other users. This helps us improve our Services for you. Suppliers may also provide us with information about resources associated with the Supplier.
Depending upon our relationship with you, we may collect the following categories and types of personal information from and about you:
Categories of Personal Information We Collect | Examples of Personal Information Collected | Categories of Sources of Personal Information | Business Purpose for Collection of Personal Information |
---|---|---|---|
Identifiers | Name, Social Media Account Information, Profile Data, IP Address | Directly from You or Your use of the Service; Cookies and Other Tracking Technologies; Third Parties (such as affiliates, agents, service providers and other users) | Developing, Improving, and Providing the Service, Identification, Communications, Marketing, Analytics, Security, Legal, Compliance and Regulatory Obligations |
Contact / Account Profile Information | Email Address, Home Address, Billing Address, Phone Number | Directly from You or Your use of the Service; Third Parties (such as affiliates, agents, service providers and other users) | Developing, Improving, and Providing the Service, Identification, Communicating with You, Marketing, Analytics, Security, Legal, Compliance and Regulatory Obligations |
Sensitive Personal Information / Government Issued Identification Numbers | VAT Identification Number, Tax Identification Number, Immigration Status, Citizenship Information | Directly from You | Improving and Providing the Service, Verifying Your Identity and Detecting Fraud, Identity Theft, or Other Misuse of Your Account, Legal, Compliance and Regulatory Obligations |
Commercial Information | Transaction Data including services offered, considered, or purchased | Directly from You or Your use of the Service; Third Parties (such as affiliates, agents, service providers and other users) | Developing, Improving, and Providing the Service, Identification, Communications, Marketing, Analytics, Security, Legal, Compliance and Regulatory Obligations |
Financial Data/Payment Information | Credit card or other financial account information | Directly from You or Your use of the Service; Third Parties (such as affiliates, agents, service providers and other users) | Improving and Providing the Service, Identification, Communications, Security, Legal, Compliance and Regulatory Obligations |
Internet or Other Network or Device Activities Including Information from Cookies | Unique device and app identifiers, browsing history or other usage data, the browser and operating system you are using, the URL or advertisement that referred you to the Service, the search terms you entered into a search engine that led you to the Service, areas within the Service that you visited, which links you clicked on, which pages or content you viewed and for how long, other similar information and statistics about your interactions, such as content response times, download errors and length of visits to certain pages and other information commonly shared when browsers communicate with websites | Directly from You or Your use of the Service; Cookies and Other Tracking Technologies; Third Parties (such as affiliates, agents, service providers and other users) | Developing, Improving, and Providing the Service, Identification, Communications, Marketing, Analytics, Security, Legal, Compliance and Regulatory Obligations |
Approximate Geolocation Information | Your approximate location | Directly from You or Your use of the Service; Cookies and Other Tracking Technologies; Third Parties (such as affiliates, agents, service providers and other users) | Developing, Improving, and Providing the Service, Identification, Communications, Marketing, Analytics, Security, Legal, Compliance and Regulatory Obligations |
Sensory Information | Audio recordings if you call our customer service, video recording (if you provide permission) | Directly from You or Your use of the Service; Service Providers; Third Parties (such as affiliates) | Providing and Improving the Service, Identification, Communications, Marketing, Security, Legal, Compliance and Regulatory Obligations |
Platform Communications | Communication Information (e.g., your name, contact information, and, with your consent, the contents of any messages you send) | Directly from You, Your use of the Service, and Users with whom you communicate | Developing, Improving, and Providing and Improving the Service, Security, Legal, Compliance and Regulatory Obligations |
Professional Information | Previous place(s) of employment, position(s), work history, earnings, resume | Directly from You or Your use of the Service; Service Providers; Third Parties (such as other users) | Developing, Improving, and Providing the Service, Marketing, Analytics, Security, Legal, Compliance and Regulatory Obligations |
Other information that identifies or can be reasonably associated with you | User-generated content, (e.g., community posts, feedback, ratings and job postings), photographs, examples of your work, information on work previously performed via the Service and outside the Service, skills, tests taken, test scores, hourly pay rates and earnings information | Directly from You or Your use of the Service; Service Providers; Third Parties (such as affiliates, agents, and other users) | Developing, Improving, and Providing the Service, Identification, Communications, Marketing, Analytics, Security, Legal, Compliance and Regulatory Obligations |
b. Non-Identifying Information and De-Identified Information
- Non-Identifying Information/Usernames: We also may collect other information that does not identify you directly, such as zip codes, demographic data, information about your use of the Service, and general project-related data (“Non-Identifying Information”). We may combine information collected from Sourcer users, whether they are registered or not (“Sourcer Users”). In some cases, we may render Personal Information (generally, email address) into a form of Non-Identifying Information referred to in this Privacy Policy as “Hashed Information.” This is typically accomplished using a mathematical process (commonly known as a hash function) to convert information into a code. While the code does not identify you directly, it may be used by Sourcer’s partners to connect your activity and interests.
- Combination of Personal and Non-Identifying Information: We may combine your Personal Information with Non-Identifying Information, but Sourcer will treat the combined information as Personal Information.
- De-Identified Information: We may also de-identify or aggregate information and convert it into non-personal information so that it can no longer reasonably be used to identify you (“De-Identified Information”). We may use De-Identified Information for any of the purposes described in the “We Use Information We Collect” section below. We will maintain and use De-Identified Information in de-identified form and will not attempt to reidentify the information, except to confirm our de-identification processes or unless required by law.
c. Information Collected Automatically
Like other online companies, we receive technical information when you use our Services. We use these technologies to analyze how people use the Service, to improve how our Site functions, to save your log-in information for future sessions, and to serve you with advertisements that may interest you.
Sourcer and its partners use cookies or similar technologies to analyze trends, administer the website, track users’ movement around the website, the desktop app, and the mobile app, and to gather demographic information about our user base as a whole. The technology used to collect information automatically from Sourcer Users may include cookies, web beacons, and embedded scripts. In addition, we and our marketing partners, affiliates, analytics, and service providers may use a variety of other technologies (such as tags) that collect similar information for security and fraud detection purposes and we may use third parties to perform these services on our behalf.
For further information on cookies and how they are used for the Service, please visit our Cookie Policy at sourcer.com/legal/cookie-policy.
d. Analytics Providers, Ad Servers and Similar Third Parties
We may work with advertising agencies and vendors who use technology to help us understand how people use our Site. These vendors may use technologies to serve you advertisements that may interest you. You can choose to opt out of receiving certain interest-based advertising.
Sourcer works with (or may in the future work with) ad networks, ad agencies, analytics service providers and other vendors to provide us with information regarding traffic on the Service, including pages viewed and the actions taken when visiting the Service; to serve our advertisements on other websites, within mobile apps and elsewhere online; and to provide us with information regarding the use of the Service and the effectiveness of our advertisements. Our service providers may collect certain information about your visits to and activity on the Service as well as other websites or services, they may set and access their own tracking technologies on your device (including cookies and web beacons), and may use that information to show you targeted advertisements. Some of these parties may collect Personal Information when you visit the Service or other online websites and services. We may also share certain Non-Identifying Information with these parties, including Hashed Information, in connection with the services they provide to us. If you wish to opt out of interest-based advertising from participating companies, click here (or if located in the European Union, click here). You must opt out on each device and each browser where you want your choice to apply. If you choose to opt out, please note you will continue to receive advertisements, but they may be less relevant to you.
While we may use a variety of service providers to perform advertising services, some of these companies are members of the Network Advertising Initiative (“NAI”) or the Digital Advertising Alliance (“DAA”) Self-Regulatory Program for Online Behavioral Advertising. You may want to visit http://www.networkadvertising.org/managing/opt_out.asp, which provides information regarding targeted advertising and the “opt-out” procedures of NAI members. You may also want to visit http://www.aboutads.info/choices/, which provides information regarding targeted advertising and offers an “opt-out” by participating companies in the DAA Self-Regulatory Program.
e. Do Not Track Signals and GPC
Please note that your browser setting may allow you to automatically transmit a “Do Not Track” signal to websites and online services you visit. Sourcer does not generally alter its practices when it receives a “Do Not Track” signal from a visitor’s browser. To find out more about “Do Not Track,” please visit http://www.allaboutdnt.com.
Global Privacy Control (GPC) is a technical specification that you can use to inform websites of your privacy preferences regarding ad trackers. If you do choose to set up GPC, it may impact the functionality of the Site, but we honor the GPC signal on a per-browser basis automatically in your cookie preferences.
f. Children
The Service is general audience and intended for users 18 and older. We do not knowingly collect Personal Information from anyone younger than age 18. If we become aware that a child younger than 18 has provided us with Personal Information, we will use commercially reasonable efforts to delete such information from our files. If you are the parent or legal guardian of a child younger than age 18 and believe that Sourcer has collected Personal Information from your child, please contact us at: legalnotices@sourcer.com.
2. Use of Information
We use information collected through the Service to provide and improve the Service, develop new Services and products, process your requests, prevent fraud, provide you with information and advertising that may interest you, comply with the law, and as otherwise permitted with your consent.
a. We Use Information We Collect:
- To provide and improve the Service, complete your transactions, address your inquiries, process your registration, verify the information you provide is valid, and for compliance and internal business purposes.
- To contact you with administrative communications and Sourcer newsletters, marketing or promotional materials (on behalf of Sourcer or third parties) and other information that may be of interest to you. If you decide at any time that you no longer wish to receive such communications from us, please follow the instructions in the Your Choices and Rights section, below.
- To tailor content we display to you and offers we may present to you, both on the Service and elsewhere online.
- To administer and develop our business relationship with you and, if applicable, the corporation or other legal entity you represent.
- To enforce and comply with the law, including to conduct an investigation, to protect the property and rights of Sourcer or a third party, to protect the safety of the public or any person, or to prevent or stop activity we may consider to be, or to pose a risk of being, illegal, fraudulent, unethical or legally actionable activity. We may also use Device Identifiers to identify Sourcer Users.
- For the purposes disclosed at the time you provide your information, with your consent, and as further described in this Privacy Policy.
- To Honor Our Contractual Commitments to You. Much of our processing of Personal Information is to meet our contractual obligations to our investors, or to take steps at Users’ request in anticipation of entering into a contract with them.
- For Our Legitimate Interests. In many cases, we handle Personal Information on the grounds that it furthers our legitimate interests in commercial activities, such as the following, in ways that are not overridden by the interests or fundamental rights and freedoms of the affected individuals:
- Providing our Site and Service.
- Detecting security incidents, protecting against malicious, deceptive, fraudulent or illegal activity, and prosecuting those responsible for that activity.
- Measuring interest and engagement in our Services.
- Short-term, transient use, such as contextual customization of ads.
- Improving, upgrading or enhancing our Services.
- Developing new products and services.
- Ensuring internal quality control and safety.
- Authenticating and verifying individual identities.
- Debugging to identify and repair errors with our Services.
- Auditing relating to interactions, transactions and other compliance activities.
- Enforcing our agreements and policies.
- Analyzing and improving our business.
- Communications, including marketing and responding to your inquiries about our services.
- Addressing information security needs and protecting our Users, Sourcer, and others.
- Managing legal issues.
- To Comply with Legal Obligations. We need to use and disclose Personal Information in certain ways to comply with our legal obligations.
3. Data Retention
Unless you request that we delete certain information, we will only retain your personal information for as long as is necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, regulatory, accounting, or reporting requirements, as well as ongoing fraud prevention, backup, and business continuity purposes.
4. Information Sharing and Disclosure
We do not sell your Personal Information for monetary consideration, and we do not share your Personal Information with third parties for those third parties’ marketing purposes unless we first provide you with the opportunity to opt-in to or opt-out of such sharing. However, we may use technologies on our Site for the purposes of advertising or marketing to you and understanding how you interact with our ads. This may be considered a “sale” or “sharing” of personal information for targeted advertising under applicable data protection laws. We may also share information we have collected about you, including Personal Information, as disclosed at the time you provide your information, with your consent, as otherwise described in this Privacy Policy, or for the following business or commercial purposes:
Sourcer Users | For Suppliers who have entered into an engagement with a Customer, we may share their information with Customer. For Suppliers who choose to submit a submission via the Service, we may share their information with the applicable Customer(s). For Customers who have entered into an engagement, we may share your information in order to complete the transaction or to facilitate the resolution of a claim or dispute. The Supplier(s) receiving your information is not allowed to use it for purposes unrelated to the transaction, such as to contact you for marketing purposes, unless you have expressly consented to it. |
Sourcer Users | We may employ service providers and individuals to facilitate our Service, to provide the Service on our behalf, to perform Service-related services (e.g., without limitation, maintenance services, database management, web analytics and online advertising, payment processing, fraud detection and improvement of Sourcer’s features) or to assist us in analyzing how our Service is used. These Service providers may include analytics companies, advertising partners, payment processors, identity verification companies, security companies, generative AI partners, or other merchants. These third parties may have access to your Personal Information in order to perform these tasks on our behalf. |
Generative AI Partners | We enhance certain features of our Service by integrating trusted generative AI service providers. We may share the information you provide while using these features with these generative AI service providers, as well as additional information necessary to utilize the feature. Where Sourcer uses this information to power features, we leverage certain treatments of the data appropriate for the feature, including but not limited to, first removing personal information and only using public data. Where a feature involves a generative AI service provider and requires the use of identifying information you submit to the feature, you may choose to either not use that feature or not opt-in to generative AI features more broadly. The Service includes a two-sided marketplace, which results in platform information pertaining to both parties on either side of an interaction. Thus, if a Customer or Supplier chooses to use our generative AI features, the platform information associated with that user’s account – including information described above – may be used to power those features, subject to limitations based on the other party’s choices. |
Legal and Investigative Purposes | Sourcer will share information with government agencies as required by law including (without limitation) in response to lawful requests by public authorities to meet national security or law enforcement requirements and in connection with reporting earnings. We cooperate with government and law enforcement officials and private parties to enforce and comply with the law. We will disclose information about you to government or law enforcement officials or private parties as we, in our sole discretion, believe necessary or appropriate to respond to claims and legal process (including but not limited to subpoenas), or, at the request of governmental authorities or other third parties conducting an investigation where we determine in our sole discretion the disclosure is necessary to (a) protect the property and rights of Sourcer or a third party, (b) protect the safety of the public or any person, or (c) prevent or stop activity we may consider to be, or pose a risk of being, illegal, fraudulent, unethical or legally actionable activity. |
Internal and Business Transfers | Sourcer may share information, including Personal Information, with any current or future subsidiaries or affiliates, primarily for business and operational purposes, including activities such as IT management, for them to provide services to you, or support and supplement the Services we provide. We may sell, transfer, or otherwise share some or all of our assets, including your Personal Information, in connection with a merger, acquisition, reorganization or sale of assets (including, in each case, as part of the due-diligence process with any potential acquiring entity) or in the event of bankruptcy. |
Sweepstakes, Contests, and Promotions | We may offer sweepstakes, contests, and other promotions (any, a “Promotion”) that may require registration. |
Non-Identifying Information and De-Identified Information | We may share aggregated Non-Identifying Information and we may otherwise disclose Non-Identifying Information (including, without limitation, Hashed Information) or De-Identified Information to third parties. |
Categories of Personal Information We Have Shared in the Preceding 12 Months | Categories of Third Parties with whom We Share Personal Information | Whether This Category is Used for Targeted Advertising |
---|---|---|
Identifiers | Analytics Companies, Identity Verification Companies, Advertising Partners, Payment Processors, Other Merchants, Sourcer Users, Government Agencies (as required by law) | Yes |
Contact Information | Analytics Companies, Advertising Partners, Payment Processors, Other Merchants, Sourcer Users, Government Agencies (as required by law) | Yes |
Sensitive Personal Information / Government Issued Identification Numbers | Identity Verification Companies, Security Companies, Other Merchants, Sourcer Users, Government Agencies (as required by law) | No |
Commercial Information | Payment Processors, Security Companies, Analytics Companies, Other Merchants, Sourcer Users, Government Agencies (as required by law) | No |
Financial Data/Payment Information | Payment Processors, Security Companies, Other Merchants, Sourcer Users, Government Agencies (as required by law) | No |
Internet or Other Network or Device Activities Including Information from Cookies | Analytics Companies, Advertising Partners, Other Merchants, Government Agencies (as required by law) | Yes |
Approximate Geolocation Information | Analytics Companies, Advertising Partners, Other Merchants, Sourcer Users, Government Agencies (as required by law) | Yes |
Sensory Information | Other Merchants, Sourcer Users, Government Agencies (as required by law) | No |
5. Your Choices and Rights
You may have certain choices and rights associated with your personal information, including opting out of targeted advertising or other disclosures to third parties. Residents of certain locations may have the right to have an authorized agent submit requests on your behalf. You or your authorized agent may request that Sourcer honor these rights by contacting us as outlined in the “Contact Us” section below.
Non-Discrimination: You will not receive any discriminatory treatment by us for the exercise of your privacy rights.
Verifying Your Request: Only you, or a person that you authorize to act on your behalf, may make a request related to your personal information. In the case of access and deletion, your request must be verifiable before we can fulfill such request. Verifying your request will require you to provide sufficient information for us to reasonably verify that you are the person about whom we collected personal information or a person authorized to act on your behalf. We will only use the personal information that you have provided in a verifiable request in order to verify your request. We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority. Please note that we may charge a reasonable fee or refuse to act on a request if such request is excessive, repetitive or manifestly unfounded.
For Individuals Located in the European Economic Area (EEA), United Kingdom (UK) or Switzerland:
You have a number of rights under applicable data protection laws in relation to your personal information. Under certain circumstances, you have the right to:
- Have access to your personal information by submitting a request to us;
- Have your personal information deleted;
- Have your personal information corrected if it is wrong;
- Have the processing of your personal information restricted;
- Object to further processing of your personal information, including to object to marketing from us;
- Make a data portability request;
- Withdraw any consent you have provided to us;
- Restrict any automatic processing of your personal information; and
- Complain to the appropriate Supervisory Authority.
To exercise any of these rights, please contact us as outlined in the “Contact Us” section below.
Notice for California Residents
“Shine the Light” and “Eraser” Laws: Residents of the State of California may request a list of all third parties to which we have disclosed certain information during the preceding year for those third parties’ direct marketing purposes.
California Consumer Privacy Act (CCPA)/California Privacy Rights Act (CPRA): The CCPA, as amended by the CPRA, provides California residents and/or their authorized agents with specific rights regarding the collection and processing of their personal information.
Your Right to Know: California residents have the right to request that we disclose the following information to you about our collection and use of your personal information over the past twelve (12) months. We may ask you to provide certain information to identify yourself so that we may compare it with our records in order to verify your request. Upon verification, we will disclose to you:
- The categories of personal information we have collected about you.
- The categories of sources for the personal information we have collected about you.
- The specific pieces of personal information we have collected about you.
- Our business or commercial purpose for collecting or “selling” your personal information as defined by the CCPA.
- The categories of third parties to whom we have sold or shared your personal information, if any, and the categories of personal information that we have shared with each third-party recipient.
Your Right to Opt-Out of “Sale” or “Sharing” of Personal Information: California residents have the right to opt-out of the “sale” or “sharing” of their personal information as defined by the CCPA by contacting us using the information in the “Contact Us” section below.
Please note that we do not knowingly “sell” the personal information of any individuals under the age of 18.
Where we are “sharing” your personal information with third parties for the purposes of cross-context behavioral advertising or profiling, you may opt-out of such sharing at any time by submitting a request as directed on the homepage of our website or by contacting us using the information in the “Contact Us” section below.
Your Right to Limit Use of Sensitive Personal Information: California residents may have the right to request that businesses limit the use of any sensitive personal information to those uses which are necessary to perform the Services or for other specifically-enumerated business purposes under the CCPA, as amended by the CPRA. Please note that we do not use sensitive personal information other than as necessary to perform the Services or as specifically permitted under the CCPA.
Your Right to Delete: California residents have the right to request that we delete any of the personal information collected from you and retained by us, subject to certain exceptions. We may ask you to provide certain information to identify yourself so that we may compare it with our records in order to verify your request. Once your request is verified and we have determined that we are required to delete the requested personal information in accordance with the CCPA, we will delete, and direct our service providers to delete your personal information from their records. Your request to delete personal information that we have collected may be denied if we conclude it is necessary for us to retain such personal information under one or more of the exceptions listed in the CCPA.
Your Right to Correct: Under the CCPA, as amended by the CPRA, California residents have the right to request that we correct any inaccurate personal information we maintain about you, taking into account the nature of the personal information and the purposes for which we are processing such personal information. We will use commercially reasonable efforts to correct such inaccurate personal information about you.
Non-Discrimination: You will not receive any discriminatory treatment by us for the exercise of your privacy rights conferred by the CCPA.
Notice for Nevada Residents
Under Nevada law, certain Nevada residents may opt out of the sale of “personally identifiable information” for monetary consideration to a person for that person to license or sell such information to additional persons. “Personally identifiable information” includes first and last name, address, email address, phone number, Social Security Number, or an identifier that allows a specific person to be contacted either physically or online.
We do not engage in such activity; however, if you are a Nevada resident who has purchased or leased goods or services from us, you may submit a request to opt out of any potential future sales under Nevada law by emailing privacyrequests@sourcer.com. Please note we will take reasonable steps to verify your identity and the authenticity of the request. Once verified, we will maintain your request in the event our practices change.
Notice for Residents of Certain Other States
The laws of your state of residence (“Applicable State Law”) may provide you with certain rights, including the following:
Your Right to Confirm and Access: You have the right to confirm whether we are processing personal information about you and access the personal information we process about you.
Your Right to Portability: You have the right to obtain a copy of the personal information we maintain and process about you in a portable and, to the extent technically feasible, readily-usable format.
Your Right to Delete: You have the right to request that we delete the personal information we maintain or process about you.
Your Right to Correct: You have the right to request that we correct inaccuracies in the personal information we maintain or process about you, taking into consideration the nature and purpose of such processing.
Your Rights to Opt-Out: You have the right to opt-out of certain types of processing of personal information, including:
- Opt-Out of the “sale” of personal information as defined by Applicable State Law;
- Opt-Out of targeted advertising by us;
- Opt-Out of automated profiling for the purposes of making decisions that produce legal or similarly significant effects.
Please note, as explained above, we do not “sell” personal information as that word is traditionally defined. However, we do share personal information with third parties to provide you with personalized advertising from us and to better understand how you interact with our Services. Through the use of cookies, we may also make available certain personal information to third parties for targeted advertising.
Appeals Process and Other Concerns
Certain information may be exempt from the rights described above under applicable law. If we deny your request in whole or in part, you may have the right to appeal the decision. In such circumstances, we will provide you with information regarding the appeals process. Depending on your location, you may also email legalnotices@sourcer.com with the subject “Data Privacy Request Appeal” to provide us with details about why you are appealing the decision.
If you have an unresolved privacy or data use concern that we have not addressed to your satisfaction, please contact our U.S.-based third-party dispute resolution provider free at https://feedback-form.truste.com/watchdog/request.
6. Security
We take a number of steps to protect your data, but no security is guaranteed.
Sourcer takes reasonable steps to help protect and secure the information it collects and stores about Sourcer Users. We maintain reasonable administrative, technical, and physical safeguards designed to protect personal information that we receive against accidental, unlawful, or unauthorized destruction, loss, alteration, access, disclosure or use.
7. Cross-Border Data Transfers
Because we are a U.S. company, we process and store your information in the United States and our service providers may process and store it elsewhere.
Sourcer may transfer your personal information to a third party that is located in a jurisdiction other than the one from which we collected your personal information, including to countries that have not been deemed to have an adequate level of protection for the rights and freedoms of data subjects. If we do transfer your personal information to another jurisdiction, we will do so following due diligence and provided that the data recipient is subject to contractual agreements imposing obligations on it to ensure appropriate technical and organizational are implemented and maintained at all times to prevent the unauthorized and unlawful processing of personal information, and the accidental loss or destruction of, or damage to, personal information, consistent with our obligations under applicable data protection laws.
We will use appropriate legal transfer mechanisms, including Standard Contractual Clauses, where required by law.In addition, Sourcer is self-certified under the EU-U.S. and Swiss-U.S. Data Privacy Framework, as described below. Personal information from EU and Swiss residents will be treated in accordance with the Data Privacy Framework Principles. To exercise any legal right to see copies of the data transfer mechanism documents that Sourcer uses to transfer data to third parties, please contact us.
Data Privacy Framework Notice
Sourcer, Inc. has certified that its U.S. operations adhere to the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks (“Privacy Shield”) with respect to the personal Information that they receive in reliance on the Privacy Shield. In July 2023, all members of the Privacy Shield, including Sourcer, automatically became members of the Data Privacy Framework (“DPF”). Our DPF certification is available at https://www.dataprivacyframework.gov/s/participant-search. To learn more about the DPF program, please visit https://www.dataprivacyframework.gov/s/.
When Sourcer or one of its affiliates receives Personal Information under the DPF and then transfers it to a third party service provider acting as an agent on their behalf, Sourcer or its affiliate may have certain responsibility under the DPF if both (i) the agent processes the information in a manner inconsistent with the DPF and (ii) Sourcer or its affiliate is responsible for the event giving rise to the damage.
Covered European residents should contact Sourcer at the contact information below regarding Sourcer’s or its affiliates’ compliance with the DPF. Sourcer will attempt to answer your questions and satisfy your concerns in a timely and complete manner as soon as possible. If, after discussing the matter with Sourcer, your issue or complaint is not resolved, Sourcer and the above-named affiliates have agreed to participate in the DPF independent dispute resolution mechanisms listed below, free of charge to you. PLEASE CONTACT SOURCER FIRST.
For other Personal Information Sourcer or its affiliates receive under the DPF, Sourcer and its affiliates have committed to refer unresolved privacy complaints under the EU-U.S. and Swiss-U.S. Data Privacy Framework Principles to an independent dispute resolution mechanism, JAMS Data Privacy Framework Dispute Resolution, operated by JAMS. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://www.jamsadr.com/dpf-dispute-resolution for more information and to file a complaint.
If your complaint still is not resolved through these channels, under limited circumstances, an additional binding arbitration option may be available before a DPF panel, as described at https://www.dataprivacyframework.gov/s/. Every individual also has a right to lodge a complaint with the relevant supervisory authority.
8. Links to Other Sites
Our Service contains links to other websites. If you choose to click on a third-party link, you will be directed to that third party’s website. The fact that we link to a website is not an endorsement, authorization or representation of our affiliation with that third party, nor is it an endorsement of their privacy or information security policies or practices. We do not exercise control over third party websites. These other websites may place their own cookies or other files on your computer, collect data or solicit Personal Information from you. We encourage you to read the privacy policies or statements of the other websites you visit.
9. Changes to This Policy
We may change this Privacy Policy. If we make substantial changes, we will provide notice.
This Privacy Policy is effective as of the date stated at the top of this page. Sourcer may update this Privacy Policy at any time and any changes will be effective upon posting. By accessing or using the Service after we notify you of such changes to this Privacy Policy, you are deemed to have accepted such changes. Please refer back to this Privacy Policy on a regular basis.
10. Contact Us
To request that Sourcer honor any of the rights described in this Policy contact us as outlined below.
If you have any questions about this Privacy Policy, please contact us at legalnotices@sourcer.com, or by mail addressed to Sourcer, Attn: Legal, 1111B S Governors Ave, Ste 20165, Dover, DE 19904, USA. You may also contact us by phone at 415-574-0205.
Global Data Processing Agreement
EFFECTIVE APRIL 22, 2024
The Client agreeing to these terms (“Customer”), and Sourcer, Inc. or any other entity that directly or indirectly controls, is controlled by, or is under common control with Sourcer, Inc. (as applicable, “Sourcer”) (each, a “party” and collectively, the “parties”), have entered into an agreement under which Sourcer has agreed to provide a marketplace where Clients and Suppliers can identify each other and advertise, buy, and sell Supplier Services online, with such other services, if any, described in the agreement (the “Service”) to Customer (as amended from time to time, the “Agreement”). Unless otherwise agreed to in writing by you and Sourcer, to the extent Sourcer processes any EU personal data for you as a controller (as defined by the General Data Protection Regulation (EU) 2016/679) in your role as a Customer as defined in this Global Data Processing Agreement (the “DPA”), this DPA applies. This DPA, including its appendices, supplements the Agreement. To the extent of any conflict or inconsistency between this DPA and the remaining terms of the Agreement, this DPA will govern.
1. Introduction
This DPA reflects the parties’ agreement with respect to the processing and security of Customer Data under the Agreement.
2. Definitions
2.1 The terms “personal data”, “data subject”, “processing”, “controller”, “processor” and “supervisory authority” have the meanings given in the GDPR, and the terms “data importer” and “data exporter” have the meanings given in the Standard Contractual Clauses, in each case irrespective of whether the European Data Protection Legislation or Non-European Data Protection Legislation applies.
2.2 Unless stated otherwise:
- “Affiliate” means any entity that controls or is under common control with a specified entity.
- “Agreed Liability Cap” means the maximum monetary or payment-based amount at which a party’s liability is capped under the Agreement.
- “Confidential Information” means any information or materials (regardless of form or manner of disclosure) that are disclosed by or on behalf of one party to the other party that (i) are marked or communicated as being confidential at or within a reasonable time following such disclosure; or (ii) should be reasonably known to be confidential due to their nature or the circumstances of their disclosure. The term “Confidential Information” does not include any information or materials that: (a) are or become generally known or available to the public through no breach of this Agreement or other wrongful act or omission by the receiving party; (b) were already known by the receiving party without any restriction; (c) are acquired by the receiving party without restriction from a third party who has the right to make such disclosure; or (d) are independently developed by or on behalf of the receiving party without reference to any Confidential Information.
- “Customer Account Data” means personal data that relates to Customer’s relationship with Sourcer, including the names and/or contact information of individuals authorized by Customer to access Customer’s Sourcer account and billing information of individuals that Customer has associated with its Sourcer account.
- “Customer Personal Data” means the personal data contained within the Customer Data.
- “Customer Data” means the data entered into the Service by or on behalf of any End User, but excludes Customer Account Data.
- “End User” means an authorized user of the Service under Customer’s account.
- “Data Incident” means a breach of Sourcer’s security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Customer Data on systems managed by or otherwise controlled by Sourcer. “Data Incidents” will not include unsuccessful attempts or activities that do not compromise the security of Customer Data, including unsuccessful log-in attempts, pings, port scans, denial of service attacks, and other network attacks on firewalls or networked systems.
- “EEA” means the European Economic Area, Switzerland, and/or the United Kingdom.
- “European Data Protection Legislation” means, as applicable: (a) the GDPR and its respective national implementing legislations; and/or (b) the GDPR as it forms part of the law of England and Wales, Scotland and Northern Ireland by virtue of section 3 of the European Union (Withdrawal) Act 2018 (the “UK GDPR”).
- “GDPR” means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.
- “EU SCCs” means the EU Standard Contractual Clauses approved by the European Commission in decision 2021/914 located at https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj.
- “Non-European Data Protection Legislation” means, as applicable, the data protection or privacy laws, regulations, and other legal requirements other than the European Data Protection Legislation.
- “Notification Email Address” means the contact email address that you provided to Sourcer for the purpose of receiving notices from Sourcer.
- “Security Measures” has the meaning given in Section 7.1.1 (Sourcer’s Security Measures).
- “Subprocessors” means third parties authorized under this DPA to have logical access to and process Customer Data in order to provide parts of the Service. For clarity, freelancers that clients engage via Sourcer are not Subprocessors under this DPA.
- “Term” means the period from the DPA’s effective date until the end of Sourcer’s provision of the Service, including, if applicable, any period during which provision of the Service may be suspended and any post- termination period during which Sourcer may continue providing the Service for transitional purposes.
- “United Kingdom International Data Transfer Agreement or Addendum” (“UK IDTA”) means either, as applicable, (a) the International Data Transfer Agreement when used under the UK GDPR, or (b) the International Data Transfer Addendum to the EU SCCs issued by the Commissioner under s119A(1) of the Data Protection Act 2018, version A1.0, in force from March 21, 2022.
3. Duration of this DPA
This DPA will remain in effect until, and automatically expire upon, deletion of all Customer Data by Sourcer as described in this DPA.
4. Data Protection Legislation
4.1 Application of European Legislation. The parties acknowledge that the European Data Protection Legislation will apply to the processing of Customer Personal Data to the extent provided under the European Data Protection Legislation.
4.2 Application of Non-European Legislation. The parties acknowledge that Non-European Data Protection Legislation may also apply to the processing of Customer Personal Data.
5. Processing of Data
5.1 Roles and Regulatory Compliance; Authorization.
5.1.1 Processor and Controller Responsibilities. If the European Data Protection Legislation applies to the processing of Customer Personal Data, the parties acknowledge and agree that:
- 5.1.1.1 Customer is a controller (or processor, as applicable), of the Customer Personal Data under European Data Protection Legislation;
- 5.1.1.2 Sourcer is a processor (or subprocessor, as applicable) of the Customer Personal Data under the European Data Protection Legislation; and
- 5.1.1.3 each party will comply with the obligations applicable to it under the European Data Protection Legislation with respect to the processing of that Customer Personal Data.
5.1.2 Responsibilities under Non-European Legislation. If Non-European Data Protection Legislation applies to either party’s processing of Customer Personal Data, the parties acknowledge and agree that the relevant party will comply with any obligations applicable to it under that legislation with respect to the processing of that Customer Personal Data.
5.1.3 Authorization by Third Party Controller. If Customer is a processor, Customer warrants to Sourcer that Customer’s instructions (defined below) and actions with respect to that Customer Personal Data, including its appointment of Sourcer as another processor, have been authorized by the relevant controller to the extent required by applicable law.
5.2 Scope of Processing.
5.2.1 The subject matter and details of the processing are described in Appendix 1.
5.2.2 Customer’s Instructions. By entering into this DPA, Customer instructs Sourcer to process Customer Personal Data only in accordance with applicable law: (a) to provide the Service; (b) as further specified through Customer’s use of the Service; (c) as documented in the Agreement, including this DPA; and (d) as further documented in any other written instructions given by Customer and acknowledged by Sourcer as constituting instructions for purposes of this DPA (each and collectively, “Customer’s Instructions”) and only for the foregoing purposes and not for the benefit of any other third party. Sourcer may condition the acknowledgement described in (d) on the payment of additional fees or the acceptance of additional terms.
5.2.3 Sourcer’s Compliance with Instructions. With respect to Customer Personal Data subject to European Data Protection Legislation, Sourcer will comply with the instructions described in Section 5.2.2 (Customer’s Instructions) (including with regard to data transfers) unless EU or EU Member State law to which Sourcer is subject requires other processing of Customer Personal Data by Sourcer, in which case Sourcer will inform Customer (unless that law prohibits Sourcer from doing so on important grounds of public interest) via the Notification Email Address.
6. Data Deletion
6.1 Deletion by Customer. Sourcer will enable Customer to delete Customer Data during the Term in a manner consistent with the functionality of the Service. If Customer uses the Service to delete any Customer Data during the Term and that Customer Data cannot be recovered by Customer, this use will constitute an instruction to Sourcer to delete the relevant Customer Data from Sourcer’s systems in accordance with applicable law. Sourcer will comply with this instruction as soon as reasonably practicable, unless applicable law requires storage. Nothing herein requires Sourcer to delete Customer Data from files created for security, backup, and business continuity purposes sooner than required by Sourcer’s existing data retention processes.
6.2 Deletion on Termination. On expiry of the Term, Customer instructs Sourcer to delete all Customer Data (including existing copies) from Sourcer’s systems in accordance with applicable law. Sourcer will comply with this instruction as soon as reasonably practicable, unless applicable law requires storage. Without prejudice to Section 9.1 (Access; Rectification; Restricted Processing; Portability), Customer acknowledges and agrees that Customer will be responsible for exporting, before the Term expires, any Customer Data it wishes to retain afterwards. If the EU or the UK SCCs are applicable to Sourcer’s processing of Customer Personal Data, the parties agree that the certification of deletion referenced in Clauses 8.5 and 16(d) of the EU and the UK SCCs shall be provided only upon Customer’s written request. Nothing herein requires Sourcer to delete Customer Data from files created for security, backup, and business continuity purposes sooner than required by Sourcer’s existing data retention processes.
7. Data Security
7.1 Sourcer’s Security Measures, Controls and Assistance.
7.1.1 Sourcer’s Security Measures. Sourcer will implement and maintain technical and organizational measures designed to protect Customer Data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access as described in Appendix 2 (the “Security Measures”). As described in Appendix 2, the Security Measures include measures to encrypt personal data; to help ensure ongoing confidentiality, integrity, availability and resilience of Sourcer’s systems and services; to help restore timely access to personal data following an incident; and for regular testing of effectiveness. Sourcer may update or modify the Security Measures from time to time provided that such updates and modifications do not degrade the overall security of the Service.
7.1.2 Security Compliance by Sourcer Staff. Sourcer will take appropriate steps to ensure compliance with the Security Measures by its staff to the extent applicable to their scope of performance, including ensuring that all such persons it authorizes to process Customer Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.
7.1.3 Sourcer’s Security Assistance. Customer agrees that Sourcer will (taking into account the nature of the processing of Customer Personal Data and the information available to Sourcer) assist Customer in ensuring compliance with any of Customer’s obligations in respect of security of personal data and personal data breaches, including if applicable Customer’s obligations pursuant to Articles 32 to 34 (inclusive) of the GDPR, by:
- 7.1.3.1 implementing and maintaining the Security Measures in accordance with Section 7.1.1 (Sourcer’s Security Measures);
- 7.1.3.2 complying with the terms of Section 7.2 (Data Incidents); and
- 7.1.3.2 providing Customer with the information contained in the Agreement including this DPA.
7.2 Data Incidents.
7.2.1 Incident Notification. If Sourcer becomes aware of a Data Incident, Sourcer will: (a) notify Customer of the Data Incident promptly and without undue delay after becoming aware of the Data Incident; and (b) promptly take reasonable steps to minimize harm and secure Customer Data.
7.2.2 Details of Data Incident. Notifications made pursuant to this section will describe, to the extent practicable, details of the Data Incident, including steps taken to mitigate the potential risks and any steps Sourcer recommends Customer take to address the Data Incident.
7.2.3 Delivery of Notification. Notification(s) of any Data Incident(s) will be delivered to the Notification Email Address or, at Sourcer’s discretion, by direct communication (for example, by phone call or an in-person meeting). Customer is solely responsible for ensuring that the Notification Email Address is current and valid.
7.2.4 No Assessment of Customer Data by Sourcer. Sourcer will not assess the contents of Customer Data in order to identify information subject to any specific legal requirements. Customer is solely responsible for complying with legal requirements for incident notification applicable to Customer and fulfilling any third party notification obligations related to any Data Incident(s).
7.2.5 No Acknowledgement of Fault by Sourcer. Sourcer’s notification of or response to a Data Incident under this Section 7.2 (Data Incidents) is not an acknowledgement by Sourcer of any fault or liability with respect to the Data Incident.
7.3 Customer’s Security Responsibilities and Assessment.
7.3.1 Customer’s Security Responsibilities. Customer agrees that, without prejudice to Sourcer’s obligations under Section 7.1 (Sourcer’s Security Measures, Controls and Assistance) and Section 7.2 (Data Incidents):
- 7.3.1.1 Customer is solely responsible for its use of the Service, including:
- 7.3.1.1.1 making appropriate use of the Service to ensure a level of security appropriate to the risk in respect of the Customer Data;
- 7.3.1.1.2 securing the account authentication credentials, systems and devices Customer uses to access the Service;
- 7.3.1.1.3 backing up its Customer Data; and
- 7.3.1.2 Sourcer has no obligation to protect Customer Data that Customer elects to store or transfer outside of the Service.
7.3.2 Customer’s Security Assessment.
7.3.2.1 Customer is solely responsible for reviewing Sourcer’s security processes and evaluating for itself whether the Service, the Security Measures, and Sourcer’s commitments under this Section 7 (Data Security) will meet Customer’s needs, including with respect to any security obligations of Customer under the European Data Protection Legislation or Non-European Data Protection Legislation, as applicable.
7.3.2.2 Customer acknowledges and agrees that (taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of the processing of Customer Personal Data as well as the risks to individuals) the Security Measures implemented and maintained by Sourcer as set out in Section 7.1.1 (Sourcer’s Security Measures) provide a level of security appropriate to the risk in respect of the Customer Data.
7.4 Reviews and Audits of Compliance.
7.4.1 Customer’s Audit Rights.
- 7.4.1.1 If the European Data Protection Legislation applies to the processing of Customer Personal Data, Sourcer will allow Customer or an independent auditor appointed by Customer to conduct audits (including inspections) to verify Sourcer’s compliance with its obligations under this DPA in accordance with Section 7.4.2 (Additional Business Terms for Reviews and Audits). Sourcer will contribute to such audits as described in this Section 7.4 (Reviews and Audits of Compliance).
- 7.4.1.2 If the Standard Contractual Clauses as described in Section 10 (International Data Transfers) are applicable to Sourcer’s processing of Customer Personal Data, without prejudice to any audit rights of a supervisory authority under such Standard Contract Clauses, the parties agree that Customer or an independent auditor appointed by Customer may conduct audits as described in Clauses 8.9(c) and (d) of the EU and the UK SCCs in accordance with Section 7.4.2 (Additional Business Terms for Reviews and Audits).
7.4.2 Additional Business Terms for Reviews and Audits.
- 7.4.2.1 If the European Data Protection Legislation applies to the processing of Customer Personal Data, Customer may exercise its right to audit Sourcer under Sections 7.4.1(a) or 7.4.1(b): (1) where there has been a Data Incident within the previous six (6) months or there is reasonable suspicion of a Data Incident within the previous six (6) months or (2) where Customer will pay all reasonable costs and expenses incurred by Sourcer in making itself available for an audit. Any third party who will be involved with or have access to the audit information must be mutually agreed to by Customer and Sourcer and must execute a written confidentiality agreement acceptable to Sourcer before conducting the audit.
- 7.4.2.2 To request an audit under Section 7.4.1(a) or 7.4.1(b), Customer must submit a detailed audit plan to Sourcer’s Privacy Contact as described in Section 12 (Privacy Contact; Processing Records) at least thirty (30) days in advance of the proposed audit date, describing the proposed scope, duration, and start time of the audit. The scope may not exceed a review of Sourcer’s compliance with the Standard Contractual Clauses or its compliance with the European Data Protection Legislation, in each case with respect to the Customer Data. The audit must be conducted during regular business hours at the applicable facility, subject to Sourcer policies, and may not interfere with Sourcer business activities.
- 7.4.2.3 Following receipt by Sourcer of a request for an audit under Section 7.4.1(a) or 7.4.1(b), Sourcer and Customer will discuss and agree in advance on: (i) the reasonable date(s) of and security and confidentiality controls applicable to any review of documentation; and (ii) the reasonable start date, scope and duration of and security and confidentiality controls applicable to any audit under Section 7.4.1(a) or 7.4.1(b).
- 7.4.2.4 Customer will be responsible for any fees it incurs, including any fees charged by any auditor appointed by Customer to execute any such audit.
- 7.4.2.5 Customer will provide Sourcer any audit reports generated in connection with any audit under this section, unless prohibited by law. Customer may use the audit reports only to meet its regulatory audit requirements and to confirm compliance with the requirements of the Standard Contractual Clauses or European Data Protection Legislation. The audit reports, and all information and records observed or otherwise collected in the course of the audit, are Confidential Information of Sourcer under the terms of the Agreement.
- 7.4.2.6 Sourcer may object in writing to an auditor appointed by Customer if the auditor is, in Sourcer’s reasonable opinion, not suitably qualified or independent, a competitor of Sourcer, or otherwise unsuitable. Any such objection by Sourcer will require Customer to appoint another auditor or conduct the audit itself.
- 7.4.2.7 Nothing in this DPA will require Sourcer either to disclose to Customer or its auditor, or to allow Customer or its auditor to access:
- 7.4.2.7.1 any data of any other customer of Sourcer;
- 7.4.2.7.2 Sourcer’s internal accounting or financial information;
- 7.4.2.7.3 any trade secret of Sourcer;
- 7.4.2.7.4 any information that, in Sourcer’s reasonable opinion, could: (A) compromise the security of Sourcer systems or premises; or (B) cause Sourcer to breach its obligations under applicable law or its security and/or privacy obligations to Customer or any third party; or
- 7.4.2.7.5 any information that Customer or its third party auditor seeks to access for any reason other than the good faith fulfillment of Customer’s obligations under the Standard Contractual Clauses or European Data Protection Legislation.
7.4.3 No Modification of Standard Contractual Clauses. Nothing in this Section 7.4 (Reviews and Audits of Compliance) varies or modifies any rights or obligations of Customer or Sourcer under any Standard Contractual Clauses entered into as described in Section 10 (International Data Transfers).
8. Impact Assessments and Consultations
Customer agrees that Sourcer will (taking into account the nature of the processing and the information available to Sourcer) assist Customer in ensuring compliance with any obligations of Customer in respect of data protection impact assessments and prior consultation, including if applicable Customer’s obligations pursuant to Articles 35 and 36 of the GDPR, by providing the information contained in the Agreement including this DPA.
9. Data Subject Rights; Data Export
9.1 Access; Rectification; Restricted Processing; Portability. During the Term, Sourcer will, in a manner consistent with the functionality of the Service, enable Customer to access, rectify and restrict processing of Customer Data, including via the deletion functionality provided by Sourcer as described in Section 6.1 (Deletion by Customer), and to export Customer Data.
9.2 Data Subject Requests.
9.2.1 Customer’s Responsibility for Requests. During the Term, if Sourcer receives any request from a data subject under European Data Protection Legislation in relation to Customer Personal Data, Sourcer will advise the data subject to submit their request to Customer, and Customer will be responsible for responding to any such request including, where necessary, by using the functionality of the Service.
9.2.2 Sourcer’s Data Subject Request Assistance. Customer agrees that Sourcer will (taking into account the nature of the processing of Customer Personal Data) reasonably assist Customer in fulfilling an obligation to respond to requests by data subjects described in Section 9.2.1 (Customer’s Responsibility for Requests), including, if applicable, Customer’s obligation to respond to requests for exercising the data subject’s rights laid down in Chapter III of the GDPR, by complying with the commitments set out in Section 9.1 (Access; Rectification; Restricted Processing; Portability) and Section 9.2.1 (Customer’s Responsibility for Requests).
10. International Data Transfers
10.1 Data Storage and Processing Facilities. Sourcer may, subject to this Section 10 (International Data Transfers), store and process the relevant Customer Data anywhere Sourcer or its Subprocessors maintain facilities.
10.2 Data Transfers under the EU SCCs. The EU SCCs are incorporated into this DPA and apply where the application of the EU SCCs, as between the parties, is required under applicable European Data Protection Legislation for the transfer of personal data. The EU SCCs shall be deemed completed as follows:
- 10.2.1 Where Customer acts as a controller and Sourcer acts as Customer’s processor with respect to Customer Personal Data subject to the EU SCCs, Module 2 applies.
- 10.2.2. Where Customer acts as a processor and Sourcer acts as Customer’s Subprocessor with respect to Customer Personal Data subject to the EU SCCs, Module 3 applies.
- 10.2.3 Clause 7 (the optional docking clause) is not included.
- 10.2.4 Under Clause 9 (Use of sub-processors), the parties select Option 2 (General written authorization).
- 10.2.5 Under Clause 11 (Redress), the optional language will not apply.
- 10.2.6 Under Clause 17 (Governing law), the parties choose Option 1 and select the law of Ireland.
- 10.2.7 Under Clause 18 (Choice of forum and jurisdiction), the parties select the courts of Ireland.
- 10.2.8 Annexes I, II, and III of the EU SCCs are set forth in Appendix 1 below.
10.3 Data Transfers under the IDTA. When used as an addendum to the EU SCCs and the UK IDTA is otherwise required under applicable European Data Protection Law for the transfer of Customer Personal Data, the UK IDTA addendum shall incorporate the selections above and be deemed further completed as follows:
- 10.3.1 Table 1: the parties’ details shall be the parties and their affiliates to the extent any of them is involved in such transfer, including those set forth in Appendix 1, and the Key Contact shall be the contacts set forth in Appendix 1.
- 10.3.2 Table 2: The referenced Approved EU SCCs shall be the EU SCCs incorporated into this DPA.
- 10.3.3 Table 3: Annex 1A, 1B, and II shall be set forth in Appendix 1.
- 10.3.4 Table 4: Either party may end the EU SCCs as set out in Section 19 of the EU SCCs.
10.4 Data Transfers from Switzerland. Where the EU SCCs are required under Swiss data protection law applicable to the transfer of Customer Personal Data, the following additional provisions will apply:
- 10.4.1 References to the GDPR in the EU SCCs are to be understood as references to the Swiss Federal Act on Data Protection (“FADP”) insofar as the data transfers are subject exclusively to the FADP and not to the GDPR.
- 10.4.2 The term “member state” in the EU SCCs shall not be interpreted in such a way as to exclude data subjects in Switzerland from the possibility of suing for their rights in their place of habitual residence (Switzerland) in accordance with Clause 18(c) of the EU SCCs.
- 10.4.3 References to personal data in the EU SCCs also refer to data about identifiable legal entities until the entry into force of revisions to the FADP that eliminate this broader scope.
- 10.4.4 Under Annex I(C) of the EU SCCs: where the transfer is subject exclusively to the FADP and not the GDPR, the supervisory authority is the Swiss Federal Data Protection and Information Commissioner, and where the transfer is subject to both the FADP and the GDPR, the supervisory authority is the Swiss Federal Data Protection and Information Commissioner insofar as the transfer is governed by the FADP, and the supervisory authority is as set forth in the EU SCCs insofar as the transfer is governed by the GDPR.
11. Subprocessors
11.1 Consent to Subprocessor Engagement. Customer specifically authorizes the engagement of Sourcer’s Affiliates as Subprocessors. In addition, Customer generally authorizes the engagement of any other third parties as Subprocessors (“Third Party Subprocessors”). If the Standard Contractual Clauses as described in Section 10 (International Data Transfers) are applicable to Sourcer’s processing of Customer Personal Data, the above authorizations will constitute Customer’s prior written consent to the subcontracting by Sourcer of the processing of Customer Personal Data if such consent is required under the Standard Contractual Clauses.
11.2 Information about Subprocessors.
11.2.1 Information about Subprocessors is available upon request by emailing privacyrequests@sourcer.com (as may be updated by Sourcer from time to time in accordance with this DPA). Subprocessor information will be provided only upon request and is the Confidential Information of Sourcer under this Agreement and must be treated with the level of confidentiality afforded to Confidential Information hereunder.
11.3 Requirements for Subprocessor Engagement. When engaging any Subprocessor, Sourcer will:
a. ensure via a written contract that:
- i. subcontracted to it, and does so in accordance with the Agreement (including this DPA) and any Standard Contractual Clauses entered into or Alternative Transfer Solution adopted by Sourcer as described in Section 10 (International Data Transfers); and
- ii. if the GDPR applies to the processing of Customer Personal Data, the data protection obligations set out in Article 28(3) of the GDPR, as described in this DPA, are imposed on the Subprocessor; and
b. remain liable for all obligations subcontracted to, and all related acts and omissions of, the Subprocessor.
11.4 Opportunity to Object to Subprocessor Changes.
11.4.1 Sourcer may add or remove Subprocessors from time to time. Sourcer will inform Customer of new Subprocessors via a subscription mechanism described in the list of Subprocessors as described above. If Customer objects to a change, it will provide Sourcer with notice of its objection to gdpr-dsar@sourcer.com including reasonable detail supporting Customer’s concerns within sixty days of receiving notice of a change from Sourcer or, if Customer has not subscribed to receive such notice, within sixty days of Sourcer publishing the change. Sourcer will then use commercially reasonable efforts to review and respond to Customer’s objection within thirty days of receipt of Customer’s objection. If Sourcer does not respond to a Customer objection as described above, or cannot reasonably accommodate Customer’s objection, Customer may terminate the Agreement by providing written notice to Sourcer. This termination right is Customer’s sole and exclusive remedy if Customer objects to any new Subprocessor.
12. Privacy Contact; Processing Records
12.1 Sourcer’s Privacy Contact. Privacy inquiries related to this DPA can be submitted to privacyrequests@sourcer.com (and/or via such other means as Sourcer may provide from time to time).
12.2 Sourcer’s Processing Records. Customer acknowledges that Sourcer is required under the GDPR to: (a) collect and maintain records of certain information, including the name and contact details of each processor and/or controller on behalf of which Sourcer is acting and, where applicable, of such processor’s or controller’s local representative and data protection officer; and (b) make such information available to the supervisory authorities. Accordingly, if the GDPR applies to the processing of Customer Personal Data, Customer will, where requested, provide such information to Sourcer via the Service or other means provided by Sourcer, and will use the Service or such other means to ensure that all information provided is kept accurate and up-to-date.
13. Liability
13.1 Liability Cap. For clarity, the total combined liability of either party and its Affiliates towards the other party and its Affiliates under or in connection with the Agreement (such as under the DPA or the Standard Contractual Clauses) will be limited to the Agreed Liability Cap for the relevant party, subject to Section 13.2 (Liability Cap Exclusions).
13.2 Liability Cap Exclusions. Nothing in Section 13.1 (Liability Cap) will affect the remaining terms of the Agreement relating to liability (including any specific exclusions from any limitation of liability).
14. Miscellaneous
Notwithstanding anything to the contrary in the Agreement, where Sourcer, Inc. is not a party to the Agreement, Sourcer, Inc. will be a third-party beneficiary of Section 7.4 (Reviews and Audits of Compliance), Section 11.1 (Consent to Subprocessor Engagement) and Section 13 (Liability) of this DPA.
Appendix 1:
Subject Matter and Details of the Data Processing
Subject Matter
Sourcer’s provision of the Service to Customer.
Duration of the Processing
The Term plus the period from the expiry of the Term until deletion of all Customer Data by Sourcer in accordance with the DPA.
Nature and Purpose of the Processing
Sourcer will process Customer Personal Data for the purposes of providing the Service to Customer in accordance with the DPA.
Categories of Data
Data relating to End Users or other individuals provided to Sourcer via the Service, by (or at the direction of) Customer or by End Users. The open nature of the Service does not impose a technical restriction on the categories of data Customer may provide. The personal data transferred may include: name, username, password, email address, telephone and fax number, title and other business information, general information about interest in and use of Sourcer services; and demographic information.
Data Subjects
Data subjects include End Users and the individuals about whom data is provided to Sourcer via the Service by (or at the direction of) Customer or by End Users.
Appendix 2:
Security Measures
Sourcer will implement and maintain the Security Measures set out in this Appendix 2. Sourcer may update or modify such Security Measures from time to time provided that such updates and modifications do not result in the degradation of the overall security of the Service. Sourcer will:
- Conduct information security risk assessments at least annually and whenever there is a material change in the organization’s business or technology practices that may impact the privacy, confidentiality, security, integrity or availability of Customer Personal Data.
- Regularly and periodically train personnel who have access to Customer Personal Data or relevant Sourcer Systems.
- Maintain secure user authentication protocols, secure access control methods, and firewall protection for Sourcer Systems that Process Customer Personal Data.
- Maintain policies and procedures to detect, monitor, document and respond to actual or reasonably suspected Information Security Incidents.
- Implement and maintain tools that detect, prevent, remove and remedy malicious code designed to perform an unauthorized function on or permit unauthorized access to Sourcer Systems.
- Implement and maintain up-to-date firewalls.
- Implement and use cryptographic modules to protect Customer Personal Data in transit and, when commercially reasonable, at rest.
- Maintain reasonable restrictions on physical access to Customer Personal Data and relevant Sourcer Systems.
Appendix 3:
Annex I of the EU SCCs
A. LIST OF PARTIES
Data exporter(s):
Name: Customer
Activities relevant to the data transferred under these Clauses: Obtaining the Services from Data Importer
Role (controller/processor): Controller or Processor, as applicable
Data importer(s):
Name: Sourcer, Inc.
Address: 1111B S Governors Ave, Ste 20165, Dover, DE 19904 USA
Contact person’s name, position and contact details: Privacy Counsel, legalnotices@sourcer.com
Activities relevant to the data transferred under these Clauses: Providing the Services to Data Exporter.
Role (controller/processor): Processor
В. DESCRIPTION OF TRANSFER
Categories of data subjects whose personal data is transferred
Data subjects include End Users and the individuals about whom data is provided to Sourcer via the Service by (or at the direction of) Customer or by End Users.
Categories of personal data transferred
Data relating to End Users or other individuals provided to Sourcer via the Service, by (or at the direction of) Customer or by End Users. The open nature of the Service does not impose a technical restriction on the categories of data Customer may provide. The personal data transferred may include: name, username, password, email address, telephone and fax number, title and other business information, general information about interest in and use of Sourcer services; and demographic information.
Sensitive data transferred (if applicable) and applied restrictions or safeguards that fully take into consideration the nature of the data and the risks involved, such as for instance strict purpose limitation, access restrictions (including access only for staff having followed specialized training), keeping a record of access to the data, restrictions for onward transfers or additional security measures.
None anticipated.
The frequency of the transfer (e.g. whether the data is transferred on a one-off or continuous basis).
Continuously, for the length of the Agreement between the parties.
Nature of the processing
Sourcer will process Customer Personal Data to provide the Service to Customer in accordance with the DPA.
Purpose(s) of the data transfer and further processing
Sourcer will process Customer Personal Data for the purposes of providing the Service to Customer in accordance with the DPA.
The period for which the personal data will be retained, or, if that is not possible, the criteria used to determine that period
The Term plus the period from the expiry of the Term until deletion of all Customer Data by Sourcer in accordance with the DPA.
For transfers to (sub-) processors, also specify subject matter, nature and duration of the processing
Sourcer’s subprocessors will process personal data to assist Sourcer in providing the Services pursuant to the Agreement, for as long as needed for Sourcer to provide the Services.
C. COMPETENT SUPERVISORY AUTHORITY
The Irish Data Protection Commission.
Annex II of the EU SCCs
TECHNICAL AND ORGANIZATIONAL MEASURES INCLUDING TECHNICAL AND ORGANIZATIONAL MEASURES TO ENSURE THE SECURITY OF THE DATA
See Appendix 2 to the DPA.
Privacy Center
EFFECTIVE APRIL 22, 2024
Privacy At Sourcer
Sourcer understands the importance of data privacy and takes the responsibility of handling and securing personal data seriously. We focus on incorporating data protection principles throughout our platform, program, and services that provide effective data privacy measures for Sourcer, its workforce, partners, and users.
Sourcer’s Privacy and Information Security teams have carefully analyzed applicable privacy laws and regulations and undertaken the necessary steps for our compliance with their requirements. We provide detailed information about the personal data we collect and how we use it in our agreements, in our help articles, and in our Privacy Policy.
Depending on where you are located, you may have certain rights with respect to your personal data, which you can learn about below. Regardless of where you call home, you may close your account or request the deletion of all personal information we have about you at any time.
Learn more about how Sourcer is complying with GDPR and the CCPA in our Privacy Policy.
Europe
The General Data Protection Regulation (GDPR) is a data privacy law that gives residents of the European Union (“EU”) more clarity and control over how their personal data is used. Personal data is anything that can directly or indirectly identify a person, such as a photo, name, bank details, medical information, computer IP address, and so on.
Under the GDPR, companies are required to be transparent about what types of personal data they collect and how they use it, be responsible for secure data processing practices, and provide notification to customers or data subjects when breaches occur.
The United Kingdom General Data Protection Regulation (UK GDPR) is a UK law that is largely based on the GDPR, but went into effect in 2021 as a result of the UK’s withdrawal from the EU. In conjunction with the Data Protection Act 2018, it sets out the key principles, rights and obligations for most processing of personal data in the UK.
The Digital Services Act (DSA) is a European law that aims to ensure a safe and accountable online environment that went into effect November 16, 2022. For the purposes of the DSA, Sourcer has 528 average monthly users in the EU as of January 31, 2024.
Transfer of Data
With respect to transfers that involve personal data that is within the scope of European data protection laws, Sourcer relies on standard contractual clauses as a transfer mechanism to reflect relevant compliance requirements.
We have posted a Data Processing Agreement (“DPA”), governing the relationship between the Customer (as defined in the DPA) and Sourcer with respect to personal data. Unless otherwise agreed to in writing by you and Sourcer, the DPA applies to the extent Sourcer processes any personal data for you as a controller in your role as a Customer.
United States
The data protection landscape in the U.S. is a patchwork of regulations, state laws, and other requirements that are currently in flux. Sourcer’s Legal team performs ongoing monitoring and analysis to determine their application to the personal data we handle and conform to their requirements.
“Sharing” and “Selling” Personal Information
Certain state laws provide rights for individuals to prevent the “sharing” and “sale” of their personal information. Sourcer does not sell your personal information as the term is commonly understood. But we do allow some advertising vendors to use your personal information for internet-based marketing that may be considered “selling” or “sharing” under those definitions. The only means by which Sourcer may “sell” or “share” your personal information is with our third-party marketing partners.
If you are located in a state that provides this right, you may opt out of the “sale” and “sharing” of your personal information by emailing us at privacyrequests@sourcer.com. This opt-out is specific to the browser on the device, so you will need to opt out again if you: 1) later clear your cookies, or 2) visit this site from a different browser or device.
Sensitive Personal Information
State laws have different definitions for personal information that is inherently more sensitive or would pose a greater risk of harm to the individual if mishandled. Sourcer identifies and appropriately handles the data classified as “sensitive personal information” or other elevated classification.
Some state laws allow individuals to limit the use of their sensitive personal information to purposes necessary to perform the services. Sourcer imposes this limitation upon itself inherently, and only uses the limited sensitive personal information it collects to provide, maintain, improve, and secure our services.
How Do I Submit a Data Request?
Depending on where you are located, you may have certain rights with regard to your personal data. These rights may be limited, for example, if fulfilling a request would reveal personal data about another person, or if you ask us to delete data which we are required by law to keep or have compelling legitimate interests in keeping (such as fraud prevention purposes or record retention requirements under applicable laws). In addition, we typically will not remove data you posted publicly or shared with others through or on the Service, as neither you nor Sourcer can delete all copies of data that have been previously shared with others.
If you would like to request to close your account in our system, you can do so through our platform. In addition, you can access, correct, or delete your personal data by making updates to that data through your account. You can also submit a request to us regarding your personal data by emailing privacyrequests@sourcer.com. Please note that if your data is deleted, then your account may become deactivated. If your account is deactivated or you ask to close your account, you will no longer be able to use the platform.
Additional Resources
Cookie Policy
EFFECTIVE APRIL 22, 2024
This policy describes how Sourcer uses cookies and other related technologies (collectively referred to as “cookies”) when you interact with us on https://sourcer.com (the “Site”) as set forth in the Sourcer Privacy Policy.
By visiting or using the Site, you agree that we can use the cookies described in this Cookie Policy. You can stop or update your cookie preferences by changing the settings in your browser (more information on how to do this is provided below) or adjusting the settings at the bottom of the homepage labeled “Cookie Settings”. We may modify this Agreement without notifying you, so please check back often for updates.
What Are Cookies?
Cookies are text files, containing small amounts of information, which are downloaded to your browsing device (such as a computer or smartphone) when you visit a website. Cookies can be recognized by the website that downloaded them, or by other websites that use the same cookies. First-party cookies are cookies that belong to Sourcer, or are placed on your device by Sourcer. Third-party cookies are cookies that another party places on your browsing device through our Site.
What Are Cookies Used For?
Cookies do lots of different jobs, like helping us understand how the Site is being used, letting you navigate between pages efficiently, remembering your preferences, and generally improving your browsing experience. Cookies can also help ensure marketing you see online is more relevant to you and your interests.
What Type of Cookies Does Sourcer Use?
To provide you with the best browsing experience, Sourcer uses the following types of cookies: Strictly Necessary, Performance, Functional, and Targeting Cookies. You can find out more about each cookie category in the sections below.
Strictly Necessary Cookies
These cookies are essential, as they enable you to move around the Site and use its features, such as accessing secure areas. Without these cookies, some services you have asked for such as payment submission can’t be provided. These cookies cannot be switched off in our systems, because they are necessary for Site functionality. While you can set your browser to block or alert you about these cookies, some or all parts of the Site may not function.
Performance Cookies
These cookies collect information about how you use the Site, for example which pages you go to most often and if you get error messages from certain pages. These cookies gather only aggregated or anonymous information that does not identify you.
Functionality Cookies
These cookies allow the Site to remember choices you make (such as your username or the region you’re in). For instance, the Site uses functional cookies to remember your language preference. These cookies can also be used to remember changes you’ve made to text size, font and other parts of pages that you can customize. They may also be used to provide services you’ve asked for such as watching a video or commenting on a blog. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies then some or all of these services may not function properly.
Targeting Cookies
These cookies are used to deliver advertisements that are more relevant to you and your interests. They are also used to limit the number of times you see an advertisement as well as help measure the effectiveness of an advertising campaign. They remember that you have visited a website and this information may be shared with other organizations such as advertisers. This means after you have been to the Site you may see some advertisements about our services elsewhere on the Internet.
How Long Will Cookies Stay on My Browsing Device?
The length of time a cookie will stay on your browsing device depends on whether it is a “persistent” or “session” cookie. Session cookies will only stay on your device until you stop browsing. Persistent cookies stay on your browsing device until they expire or are deleted.
How To Control And Delete Cookies Through Your Browser?
The browser you are using to view the Site can enable, disable or delete cookies. To do this, follow the instructions provided by your browser (usually located within the “Help,” “Tools” or “Edit” functions). Please note that if you set your browser to disable cookies, you may not be able to access certain parts of the Site ( e.g. to apply for a job or post a job. Other parts of the Site may also not work properly. You can find out more information about how to change your browser cookie settings at www.allaboutcookies.org.
Also, you may update your cookie preferences by clicking the “Cookie Settings” button at the bottom of the Site’s homepage.
Contacting Us
If you have any questions about this Cookie Policy, please contact us at https://sourcer.com/contact or by mail addressed to Attn: Legal, 1111B S Governors Ave, Ste 20165, Dover, DE 19904, USA.