Privacy Policy

Responsible for data processing: FRATCH.IO GmbH

The term ‘FRATCH’ or ‘we’ refers to the company FRATCH.IO GmbH registered in the commercial register of the Munich Local Court under the number HRB 28149 and business address at Schönfeldstraße 17 in 80539 Munich, Germany (hereinafter ‘FRATCH’).

FRATCH is responsible for the data processing described in this policy.

Contact details of our data protection officer

You can address any questions regarding the protection of your personal data at FRATCH or requests to exercise your rights (access, rectification, objection, erasure, restriction, portability and data management in the event of death) to our data protection officer

  • by e-mail to info@fratch.io
  • by post to FRATCH.IO GmbH, ℅ SF17 CoWorkingspace, Schönfeldstraße 17, 80539 Munich, Germany

Entry into force and amendment

This Privacy Policy will automatically enter into force for all users from 1 October 2024 and we reserve the right to amend this Privacy Policy at any time. The latest version of the policy governs how we use your data and is available at fratch.io/privacy-policy. In the event of a material change to this policy, you will be notified via the email address you provided when you registered. If you continue to use the platform or visit the website after such changes have been made, you will be deemed to have consented to the changes.

1. What data we process, for what purposes and on what basis

In general, we use your data to provide you with our services as defined in the GTC. We may process certain data on the basis of your consent, on the basis of our legitimate interest or to fulfil a legal obligation.

Group of data subjects: Freelancers

We may process different types of personal data about you:

  • Personal information: Surname, first name, place and date of birth, nationality and official national identification number if applicable, telephone number, email address, location, profile photo, language;
  • Professional information: Legal form, legal documents, VAT number, identity of the company's legal representative, previous professional experience and CV, portfolio, project preferences, education, social networks;
  • Bank information: Bank details;
  • Information generated by your use of the platform: Emails and telephone conversations with our teams, cookies and browser data, details of transactions, recommendations, exchanges via the integrated messenger, information about completed projects.

Group of persons concerned: clients

We may process different types of personal data about you:

  • Personal information: Surname, first name, date of birth, email address, profile photo;
  • Information about the company: Company logo, industry, number of employees, billing and contact details, bank details;
  • Information generated by your use of the platform: Emails and phone calls with our teams, cookies and browser data, details of transactions, information about completed projects, reviews and recommendations, usage data of the integrated messenger (content of the conversation).

2. The use of AI at FRATCH

FRATCH's algorithm is based on artificial intelligence (AI). This AI analyses the personal data collected and the data generated by the use of the platform (as described above) in order to suggest freelancer profiles and freelancer projects to clients and optimise their visibility.

We may also use artificial intelligence to ensure the security of the platform (e.g. recognising bots, preventing fraud and spam).

3. Recipients of the data and possible transfers

FRATCH is the recipient of the personal data collected via the platform and uses it only for the purposes explained above. Under no circumstances do we sell this information to third parties.

3.1 Transfers between users

We may share information about Users in order to (1) facilitate their interaction, (2) provide them with business opportunities that match the Freelancer's skills and the Client's requirements, and (3) facilitate the arrangement of projects.

Certain clients may be based outside the EU. Some are based in countries subject to an adequacy decision by the European Commission. For other countries, measures have been taken with the clients in accordance with applicable data protection law to ensure the transfer of data, such as the standard contractual clauses adopted by the European Commission.

3.2 Disclosure to our investors, accountants and auditors

We may share information about users in order to respond to requests for information from our investors, accountants and auditors, in particular in connection with a potential capital raising or verification of the use of the capital raised, in accordance with applicable regulations.

3.3 Disclosure to authorised third parties

We may retain or disclose your information as we deem necessary to comply with legal or regulatory obligations, governmental requests or legal process, to protect the safety of any person, to address issues of a fraudulent, security or technical nature, or to protect the rights or property of our users.

3.4 Information about the location of the data

All our servers on which your data is stored are located in Europe.

4. Data security

We attach great importance to the security and confidentiality of our users' data.

We implement appropriate technical and organisational measures to ensure the ongoing security, confidentiality, integrity, availability and resilience of our information system and your data in order to protect the data we process from destruction, loss, alteration, disclosure or unauthorised access.

In particular:

  • We encrypt most of our services using SSL technology;
  • We verify your email address when you create your account;
  • We conduct internal audits of data collection, storage and processing as well as physical security measures to prevent unauthorised access to our systems;
  • Access to personal data is strictly limited to FRATCH employees and service providers who require access in accordance with the principle of data minimisation in order to process the data on our behalf. These individuals are subject to strict confidentiality obligations and may be subject to disciplinary action, up to and including dismissal, if they fail to comply.

5. Your rights

Descriptions of each of your rights and how you can exercise them can be found at app.fratch.io/privacy-policy.

You have the following rights under the Privacy Policy:

5.1 Right of access - Article 15 GDPR

You have a right of access to your personal data processed by FRATCH. You may inspect the data we have about you and request a copy of it, whereby the rights of third parties whose personal data may be contained in your data must be respected.

5.2 Right to rectification - Article 16 GDPR

You may request FRATCH to rectify your personal data that is incorrect, outdated or incomplete. This request must be justified. To make it as easy as possible for you to exercise this right, we ask you to make these changes and additions directly in your account. If you believe that other data about you needs to be changed or supplemented and you cannot make this change yourself, please send a corresponding request by e-mail to info@fratch.io.

5.3 Right to erasure - Article 17 GDPR

You have the right to request the immediate erasure of personal data concerning you, unless we have a legitimate interest in doing so or we have a legal obligation to retain this data.
For security reasons and to avoid unintentional account deletion, we ask you to request the deletion of your data by closing your account yourself. To do this, log in to your account and follow this link: app.fratch.io/profile/settings/account-management/delete.

5.4 Right to restriction - Article 18 GDPR

You can ask FRATCH to restrict the processing of your data if one of the following applies

  • You contest the accuracy of the personal data concerning you. In this case, we will make your data unrecognisable until we have been able to verify the accuracy of the data;
  • You believe that the processing of your data is unlawful, oppose the erasure of your data and request the restriction of their use instead;
  • We no longer need your personal data for the purposes of processing, but they are still required to enable you to assert, exercise or defend legal claims;
  • You have exercised your right to object. We will restrict the processing of your data while we check whether the legitimate reasons we are pursuing outweigh your right.

If we decide to lift the restriction on the processing of your personal data, we will inform you of this.

5.5 Right to object - Article 21 GDPR

You can object to the use of your data if the following two conditions are met (i) you have grounds relating to your particular situation, and (ii) the legal basis for our use is the pursuit of a legitimate interest.
FRATCH will then cease processing unless there are compelling and legitimate grounds for continuing the processing (e.g. tax returns, social security declarations, etc.) or for the establishment, exercise or defence of legal claims.

For example, you can object to FRATCHt sending you communications, in particular advertising communications. For this purpose, we provide you with an unsubscribe link in all emails we send you and you can manage your notification preferences directly in the ‘Communications’ section of our Privacy Centre: app.fratch.io/profile/settings/communication.

5.6 Right to data portability - Article 20 GDPR

You can request the transfer of your FRATCH data at any time. If you exercise this right, we undertake to provide you with the data you have provided to us within a reasonable period of time and in a machine-readable format, regardless of whether we have received the data from you or through your activity on the platform.

5.7 Right to withdraw consent - Article 7 of the GDPR

If the processing of your personal data is based on your consent, you have the right to withdraw your consent at any time. However, this does not affect the validity of your consent for the past.

5.8 Right to lodge a complaint with a supervisory authority

If a dispute cannot be resolved amicably, you always have the right to contact the competent data protection authority to lodge a complaint.
You can contact any data protection authority, in particular in your country of residence, in the country where you work or in the country of which you are a national. List of authorities in the EU: ec.europa.eu/justice/article-29/structure/data-protection-authorities

Want to know more about FRATCH?

Register now and receive our monthly FRATCH newsletter. An overview of all FRATCH updates and exciting news and tips about the world of work straight to your inbox.