Privacy Policy

Last Updated May 21, 2018

1. Introduction

Welcome to the Toptal website (“Site”). Toptal LLC (“Toptal”, “we”, “us”, and/or “our”) operates this Site to provide our users (“you” and “your”) with information about Toptal and its platform.

Toptal is used by professional freelancers (“Freelancers”) who wish to offer their development, engineering and other services (“Services”) and clients who need the Services (“Clients”). Freelancers that have passed our screening process and are admitted to our network of professional Freelancers (“Network”) are referred to as “Talent”. For purposes of this policy the term “Freelancers” is broader in scope and includes both Talent and Freelancers who are not Talent. The Personal Data we receive from Freelancers and Clients and how we handle it differs, so we explain our data practices for Freelancers and Clients in two distinct sections below. Click on the one that applies to you: Freelancers; Clients.

2. Scope

This Privacy Policy sets out how Toptal collects, retains, and uses information, including personal data (“Personal Data”), about Freelancers, Clients, other Site visitors and individuals, including our vendors, partners, blog readers, and job applicants, as well as users of Toptal software offerings such as our image sharing and editing tool Collabshot. This Privacy Policy also covers data that Toptal collects in-person, for instance at business conferences and trade shows.

3. Freelancers

3.1. Information We Collect

A. Information That You Provide To Us

When you apply as a Freelancer on the Site, you are asking to be admitted to our Network. In order to admit you to the Network and match your qualifications with our Client’s needs, we need to perform a screening process, which evaluates your language skills, personality, domain-specific knowledge, competence and professionalism. We may also need to screen potential Freelancers for specific technical skills, as required by our Clients. In this context, you will be asked to provide information about yourself, which includes:

  • your name
  • contact information
  • address
  • location
  • work experience
  • education
  • photo
  • social network information
  • family information
  • billing information

Our provider of background check services may collect additional data about you (including information about criminal convictions or offences) if and when we undertake vetting / background checks. If applicable to you, your consent to the collection of such additional data will be solicited at such time, pursuant to applicable laws.

When you participate in the community of Toptal’s experts on our Site, we will collect the information that you elect to share in that context.

We will use certain of your Personal Data to enable you to create a profile to be displayed within the Services; this profile is searchable and may be viewed by Clients seeking Freelancers.

Once you are admitted to the Network and you are matched with a Client, we will receive from our Clients information regarding the performance of your services to that Client, as necessary for maintaining standards of integrity and excellence in our Network.

B. Information Obtained From Third Parties

We collect information about you that we receive from our affiliates, such as TopTracker LLC, in relation to the TopTracker application which helps you keep track of how you spend your time. Please refer to the TopTracker privacy policy for information regarding the scope of collected data. The disclosures and practices made in this Privacy Policy equally apply to such data that we receive from TopTracker.

C. Automatically Collected Data

When you interact with Toptal through the Site or services, we collect automatically certain information. Please read the “Site Visitors” section below for more information.

3.2. How We Use the Information

A. To Provide The Service And Respond To Requests

Toptal uses the Personal Data you provide in a manner that is consistent with this Privacy Policy. If you provide Personal Data for a certain reason, we will use the Personal Data in connection with the reason for which it was provided.

In particular, we use data that you provide to us (described above) in order to process your request to become a Freelancer and administer our contract with you once you become a member of the Network. For individuals in the EU, our use of Personal Data that you provide to us is necessary in order to implement your request to become a Freelancer prior to entering into a contract with us and, once you are admitted to our Network, to perform our contract with you.

B. As Necessary For Certain Legitimate Interests

We use your Personal Data for the legitimate interests described below:

  • To send administrative information to you, for example, information regarding the Site and changes to our terms, conditions, and policies.
  • To conduct analytics on how the Site and our Service are being used by you for our internal purposes, namely for providing, maintaining, benchmarking and improving our offerings, and identifying usage trends.
  • We use data relating to your use of and interaction with the Site and the Services, including use of product features by you and information that we obtain through cookies and other technologies, to better understand your needs and interests in order to personalize your experience with our Services.
  • To market our services and showcase Freelancers (in particular, we can feature certain profiles of Freelancers to drive traffic from potential Clients).
  • To prevent fraud or criminal activity, misuses of our products or services, and ensure the security of our IT systems, architecture and networks.
  • To (a) comply with legal obligations and legal process, (b) respond to requests from public and government authorities including public and government authorities outside your country of residence; (c) enforce our terms and conditions; (d) to protect our operations; (e) protect our rights, privacy, safety or property, and/or that of you or others; and (f) allow us to pursue available remedies or limit the damages that we may sustain.
  • If you ask us to delete your data and we are required to fulfil your request, to keep basic data to identify you and prevent further unwanted processing.

For individuals in the EU, please see the “EU Individuals” section below for information on our legitimate interests and your rights.

4. Clients

4.1. Information We Collect

A. Information that you provide to us

We collect Personal Data from our prospective Clients when we receive a request for hiring our Freelancers. This includes names and contact information of prospective Client’s representatives, and any information relating to the Client’s needs. We also collect Personal Data that is entered on our Site or sent to us electronically, for example when you complete a web form to give Personal Data to us directly (such as on our “Contact Us” page), when you voluntarily provide such information such as when you register for access to the platform (for example, your name and mailing address), contact us with inquiries or respond to one of our surveys. Wherever Toptal collects Personal Data we make an effort to provide a link to this Privacy Policy.

B. Information Obtained From Third Parties

We may supplement the information that we collected from you (such as your email address) with additional information about you and your company obtained from publicly available and third-party databases or services that provide information about business people and companies (including an individual’s name, job title, business contact information, and company information).

C. Automatically Collected Data

When you interact with Toptal through the Site or services, we collect automatically certain information. Please read the “Site Visitors” section below for more information.

4.2. How We Use the Information

A. To Provide The Services And Respond To Requests

Toptal uses the Personal Data you provide in a manner that is consistent with this Privacy Policy. If you provide Personal Data for a certain reason, we may use the Personal Data in connection with the reason for which it was provided. For instance, if you contact us by email, we will use the Personal Data you provide to answer your question or resolve your problem. Also, if you provide Personal Data in order to obtain access to the Services, we will use your Personal Data to provide you with access to such Services, maintain your account, contact you regarding your use of the Services and/or the Site or to notify you of important changes to the Services and/or the Site, and to monitor your use of such services. For individuals in the EU, such use is necessary to respond to or implement your request and for the performance of the contract between you and us.

B. For Marketing Purposes

We may use your contact details to tell you about services we believe will be of interest to you, upcoming events or other promotions. If we do so, each marketing communication we send you will contain instructions permitting you to “opt out” of receiving future marketing communications. Note however that as user of our services you cannot opt out of some administrative communications that are reasonably necessary to the services, such as billing or service notifications. In addition, if at any time you wish not to receive any future marketing communications or you wish to have your name deleted from our mailing lists, please contact us as indicated below.

Where required by applicable law (for example, if you are an individual in the EU), we will only send you marketing information by email if you consent to us doing so at the time you provide us with your Personal Data. When you provide us with your consent to be contacted for marketing purposes, you have the right to withdraw your consent at any time by following the instructions to “opt-out” of receiving marketing communication in each marketing email we send you or by contacting us as indicated below.

C. As Necessary For Certain Legitimate Interests

We use your Personal Data for the legitimate interests described below:

  • To send administrative information to you, for example, information regarding the Site and changes to our terms, conditions, and policies.
  • To respond to your inquiries and fulfill your requests, such as to send you requested materials and newsletters, as well as information and materials regarding our products and services.
  • To conduct analytics on how the Site and our Service are being used by you for our internal purposes (namely for providing, maintaining, benchmarking and improving our offerings, identifying usage trends and determining the effectiveness of our promotional campaigns) and to inform our marketing strategy and personalize our communications with you (including providing information on our features and other marketing and service-related announcements relevant to the content and features you engage with).
  • To supplement the information that we collected from you with information obtained from third parties (described above) in order to update, expand and analyze our records, identify new Clients, and provide products and services that may be of interest to you.
  • To prevent fraud or criminal activity, misuses of our products or services, and ensure the security of our IT systems, architecture and networks.
  • To (a) comply with legal obligations and legal process, (b) respond to requests from public and government authorities including public and government authorities outside your country of residence; (c) enforce our terms and conditions; (d) protect our operations; (e) protect our rights, privacy, safety or property, and/or that of you or others; and (f) allow us to pursue available remedies or limit the damages that we may sustain.
  • If you ask us to delete your data and we are required to fulfil your request, to keep basic data to identify you and prevent further unwanted processing.

For individuals in the EU, please see the “EU Individuals” section below for information on our legitimate interests and your rights.

If Toptal intends on using any Personal Data in any manner that is not consistent with this Privacy Policy, you will be informed of such anticipated use prior to or at the time at which the Personal Data is collected and pursuant to the applicable law.

5. Job Applicants

5.1. Information We Collect

A. Application and assessment process

When you apply for employment through our Site, our provider of recruiting services will collect the Personal Data that you provide in your resume and covering letter. It is for you to decide what you include in these documents. However, the kinds of information you may wish to include are: your name, contact details, employment history and education.

If you are invited to undertake further assessments (such as an interview) in connection with your application and you participate in such assessments, we will collect further Personal Data that you provide to us as part of that process. The kinds of information you may disclose include information about your qualifications and information about your employment experience. You may choose to disclose salary history or salary expectations.

If you do not provide us with certain information when requested, it may impact our ability to assess your suitability for a role with us or we may not be able to make you an offer of employment.

Throughout the recruitment process, we may create Personal Data in connection with the assessment of your application. For example, we may record the views of those considering your application about your suitability for the role for which you have applied and retain interview notes.

We have a legitimate interest in facilitating the interview process and communicating offers of employment to you, making informed recruitment decisions and selecting suitable candidates for roles with us, and improving our recruiting and hiring processes.

We will retain your contact details and resume to inform you of current and future career opportunities (unless you tell us that you do not want us to keep your details for that purpose) pursuant to our legitimate interest in doing so.

B. If your application is successful

If your application is successful we will collect further Personal Data about you in connection with conducting reference and background checks where required or permitted by applicable local law (including if applicable to you special categories of Personal Data, and your consent to the collection of such additional data will be solicited at such time, pursuant to applicable laws). We will also collect copies of relevant identification documents from you (such as your passport or driving license, proof of address, a copy of your work permit (where applicable), a photograph and a copy of your signature). We use this information to comply with immigration requirements and to verify your identity for our own internal security purposes. We have a legitimate interest in collecting and using this data to comply with our legal obligations and for the performance of your employment contract with us.

If you are hired, your Personal Data will be used as part of your employee record under our employee privacy policies.

Please see the “EU Individuals” section below for information on your rights in relation to the Personal Data we hold about you.

C. Automatically Collected Data

When you interact with Toptal through our Site in relation to your application, we collect automatically certain information. Please read the “Site Visitors” section below for more information.

6. Site Visitors

When you interact with Toptal through the Site or the Services (whether as a Freelancer, as a Client, a job applicant, a blog reader, software end user, or other visitor to our Site), we and our service providers acting on our behalf will automatically collect information about you through cookies (small text files placed on your device) and other technologies. Please see our Cookie Policy to learn more about how we use cookies and other technologies.

As a visitor to our Site, our servers record information (“log data”), including information that your browser automatically sends whenever you visit the Site. This log data includes your Internet Protocol (“IP”) address (from which we understand the country you are connecting from at the time you visit the Site), browser type and settings, the date and time of your request.

Where the information that we collect automatically on our Site is Personal Data, our legal basis for the use of this information is that it is necessary for the purposes of our legitimate interests in maintaining the safe operation of our Site as well as in learning how Site visitors interact with our Site to improve your use of it.

7. Software end users

When you use Toptal software Collabshot, we will collect account level data (your name, email and password) for access, storage of historical data, and operation of software. If you create an account by using credentials from a third party service or sign-in services such as your Google account, these services will authenticate your identity and provide you with the option to share certain Personal Data, such as name and email address(es), with us. Use of account level data is necessary to perform a contract with us in relation to your use of the software or it is in our legitimate interest to respond to your requests and ensure we provide our services in the best way that we can.

When you use the software, we may collect usage statistics for analytics and to support and troubleshoot the software to give you a better user experience. We have a legitimate interest in conducting usage statistics to ensure our software is working as intended and to make improvements to our services. We use service providers to assist in authentication of users and cloud hosting the storage and retrieval of screenshots.

Toptal’s software has online components and cookies are required for full functionality. For more information on Collabshot’s cookie usage please see the Collabshot Cookie Policy. TopTracker is part of Toptal’s main domain and information on the cookies set when you use TopTracker can be found on Toptal’s Cookie Policy.

8. Events

We may collect Personal Data from you when you attend one of our events, for instance at business conferences and trade shows. The data we collect includes information that you voluntarily give to us, such as your business card or contact details. We will use this information to develop a business relationship and in a manner consistent with the purpose you gave the information for.

Where required by applicable law (for example, if you are an individual in the EU), we will ask your consent before or when sending you marketing information by email. When you provide us with your consent to be contacted for marketing purposes, you have the right to withdraw your consent at any time by following the instructions to “opt-out” of receiving marketing communication in each marketing email we send you or by contacting us as indicated below.

9. Our Disclosure of Your Personal Data and Other Information

Toptal is not in the business of selling your information. We consider this information to be a vital part of our relationship with you. There are, however, certain circumstances in which we may share your Personal Data with certain third parties, as set forth below:

Business Transfers

As we develop our business, we might sell or buy businesses or assets. In the event of a corporate sale, merger, reorganization, dissolution or similar event, Personal Data may be part of the transferred assets.

Agents, Consultants and Other Service Providers**

Toptal, like many businesses, sometimes hires other companies to perform certain business-related functions. These parties include website analytics companies, providers of digital advertising services, our hosting and cloud computing service providers, providers of CRM, marketing and sales software solutions, providers of billing and processing payments functions, providers of background check services. When we employ another company to perform a function of this nature, we only provide them with the information that they need to perform their specific function. Pursuant to our instructions, these parties may access, process or store Personal Data in the course of performing their duties to us and solely in order to perform the services we have hired them to provide.

Toptal may disclose your Personal Data if required to do so by law or in the good faith belief that such action is necessary to (i) comply with a legal obligation, (ii) protect and defend the rights or property of Toptal, (iii) act in urgent circumstances to protect the personal safety of users of the Site or the public, or (iv) protect against legal liability.

10. EU Individuals

Scope

This section applies solely to individuals in the EU (for these purposes, reference to the EU also includes the European Economic Area countries of Iceland, Liechtenstein and Norway and, where applicable, Switzerland). Our Privacy Policy describes why and how Toptal collects, uses and stores your Personal Data, the lawful basis on which your Personal Data is processed, and what your rights and our obligations are in relation to such processing (please see “Your Rights” section below).

Data Controller

Toptal is the data controller for processing your Personal Data. The data controller is responsible for deciding how Personal Data about you is used. Please see the “Contacting Toptal” section below to find out how to contact us, which also provides the contact details of our representative in the EU for purposes of the General Data Protection Regulation.

Your Rights

Subject to applicable EU law, you have the following rights in relation to your Personal Data:

  • Right of access. If you ask us, we will confirm whether we are processing your Personal Data and, if so, provide you with a copy of that Personal Data along with certain other details. If you require additional copies, we may need to charge a reasonable fee.
  • Right to rectification. If your Personal Data is inaccurate or incomplete, you are entitled to ask that we correct or complete it. If we shared your Personal Data with others, we will tell them about the correction where possible. If you ask us, and where possible and lawful to do so, we will also tell you with whom we shared your Personal Data so you can contact them directly.
  • Right to erasure. You may ask us to delete or remove your Personal Data, such as where you withdraw your consent. If we shared your data with others, we will tell them about the erasure where possible. If you ask us, and where possible and lawful to do so, we will also tell you with whom we shared your Personal Data with so you can contact them directly.
  • Right to restrict processing. You may ask us to restrict or ‘block’ the processing of your Personal Data in certain circumstances, such as where you contest the accuracy of the data or object to us processing it. We will tell you before we lift any restriction on processing. If we shared your Personal Data with others, we will tell them about the restriction where possible. If you ask us, and where possible and lawful to do so, we will also tell you with whom we shared your Personal Data so you can contact them directly.
  • Right to data portability. You have the right to obtain your Personal Data from us that you consented to give us or that was provided to us as necessary in connection with our contract with you. We will give you your Personal Data in a structured, commonly used and machine-readable format. You may reuse it elsewhere.
  • Right to object. You may ask us at any time to stop processing your Personal Data, and we will do so:
    • If we are relying on a legitimate interest to process your Personal Data – unless we demonstrate compelling legitimate grounds for the processing or
    • If we are processing your Personal Data for direct marketing.
  • Rights in relation to automated decision-making and profiling. You have the right to be free from decisions based solely on automated processing of your Personal Data, including profiling, which produce a significant legal effect on you, unless such profiling is necessary for entering into, or the performance of, a contract between you and us, or with your explicit consent. We are not currently processing your Personal Data for such type of automated decision-making, including profiling, but if we elect to do so in the future we will provide you with notice and choice, in accordance with EU data protection law.
  • Right to withdraw consent. If we rely on your consent to process your Personal Data, you have the right to withdraw that consent at any time, but this will not affect any processing of your data that has already taken place.
  • Right to lodge a complaint with the data protection authority. If you have a concern about our privacy practices, including the way we handled your Personal Data, you can report it to the data protection authority that is authorized to hear those concerns.

You may exercise your rights by contacting us as indicated under “Contacting Toptal” section below.

Legitimate Interest

“Legitimate interests” means our interests in conducting and managing our organization and delivering the best Services to you. This Privacy Policy describes when we process your Personal Data for our legitimate interests, what these interests are and your rights. We will not use your Personal Data for activities where the impact on you overrides our interests, unless we have your consent or those activities are otherwise required or permitted by law. You have the right to object to processing that is based on our legitimate interests. For more information on your rights, please see “Your Rights” section above.

Data Transfers

Toptal is based in the United States. When you apply as a Freelancer or use our services as a Client, or otherwise use our Site, your Personal Data will be transmitted to servers in the United States as necessary to provide you with the services that you requested, administer our contract with you or to respond to your requests as described in this Privacy Policy, and the data may be transmitted to our service providers supporting our business operations (described above). The United States may have data protection laws less stringent than or otherwise different from the laws in effect in the country in which you are located. Where we transfer your Personal Data out of the European Economic Area (EEA) we will take steps to ensure that your Personal Data receives an adequate level of protection where it is processed and your rights continue to be protected.

Data Retention

Our policy is to keep your Personal Data only for as long as is reasonably necessary to fulfil the purposes for which it was collected and processed, including for the purposes of satisfying any legal, regulatory, accounting or reporting requirements. If you have elected to receive marketing communications from us, we retain information about your marketing preferences until you opt out of receiving these communications and in accordance with our policies.

To determine the appropriate retention period for your Personal Data, we will consider the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorized use or disclosure of your Personal Data, the purposes for which we use your Personal Data and whether we can achieve those purposes through other means, and the applicable legal requirements. In some circumstances we may anonymize your Personal Data so that it can no longer be associated with you, in which case it is no longer Personal Data.

11. Your Choices

You can use the Site without providing any Personal Data. If you choose not to provide any Personal Data, you may not be able to use certain services.

12. Exclusions

This Privacy Policy does not apply to any Personal Data collected by Toptal other than Personal Data collected through the Site or services. This Privacy Policy shall not apply to any unsolicited information you provide to Toptal through this Site or through any other means (without prejudice to your rights under the applicable law). This includes, but is not limited to, information posted to any public areas of the Site, such as forums (collectively, “Public Areas”), any ideas for new products or modifications to existing products, and other unsolicited submissions (collectively, “Unsolicited Information”). All Unsolicited Information shall be deemed to be non-confidential and Toptal shall be free to reproduce, use, disclose, distribute and exploit such Unsolicited Information without limitation or attribution.

13. Children

Toptal does not knowingly collect Personal Data from children under the age of 13. If you are under the age of 13, please do not submit any Personal Data through the Site. We encourage parents and legal guardians to monitor their children’s Internet usage and to help enforce our Privacy Policy by instructing their children never to provide Personal Data on this Site without their permission. If you have reason to believe that a child under the age of 13 has provided Personal Data to Toptal through this Site, please contact us, and we will endeavor to delete that information from our databases.

This Site may contain links to other websites not operated or controlled by Toptal (“Third Party Sites”). The information that you share with Third Party Sites will be governed by the specific privacy policies and terms of service of the Third Party Sites and not by this Privacy Policy. By providing these links we do not imply that we endorse or have reviewed the Third Party Sites. We suggest contacting those sites directly for information on their privacy practices and policies.

15. Security

Toptal takes reasonable and appropriate steps to protect the Personal Data provided via the Site or the services from loss, misuse, and unauthorized access, disclosure, alteration, or destruction. However, no Internet, email or other electronic transmission is ever fully secure or error free, so you should take special care in deciding what information you send to us in this way.

16. Other Terms and Conditions

Your access to and use of this Site is subject to our Website Terms & Conditions.

17. Changes to Toptal’s Privacy Policy

The Site and our business may change from time to time. As a result, at times it may be necessary for Toptal to make changes to this Privacy Policy. Toptal reserves the right to update or modify this Privacy Policy at any time and from time to time without prior notice, unless otherwise required by the applicable law. Please review this policy periodically, and especially before you provide any Personal Data. Your continued use of the Site after any changes or revisions to this Privacy Policy shall indicate your agreement with the terms of such revised Privacy Policy, without prejudice to your rights under the applicable law.

18. Contacting Toptal

Please contact us if you have any questions about Toptal’s Privacy Policy or the information practices of this Site.

You may contact us as follows: by email at privacy@toptal.com, or by post at:

Toptal, LLC
Attention: Privacy Policy Query
548 Market St #36879
San Francisco CA 94104

If you are an individual in the EU, you can also contact VeraSafe, who has been appointed as Toptal’s representative in the EU for data protection matters, pursuant to Article 27 of the General Data Protection Regulation.

You may contact VeraSafe directly about the processing of your Personal Data by using this contact form. Alternatively, VeraSafe can be contacted at:

Matthew Joseph
Zahradníčkova
1220/20A
Prague 15000
Czech Republic

VeraSafe Ireland Ltd
Unit 3D North Point House
North Point Business Park
New Mallow Road
Cork T23AT2P
Ireland