Privacy Policy for GLOVN

*Last Updated: 28.03.2025

GLOVN ("we," "us," or "our") values your privacy and is committed to safeguarding the personal information we collect, use, and share in compliance with applicable data protection and privacy laws, including but not limited to the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), the California Privacy Rights Act (CPRA), the Children’s Online Privacy Protection Act (COPPA), and other relevant U.S. federal and state privacy laws. This Privacy Policy (“Privacy Policy”) outlines our practices regarding the collection, use, storage, disclosure, and protection of your personal data when you use the GLOVN platform (“GLOVN Platform” or “Platform”). It also explains your rights and choices concerning your personal data and how you can exercise those rights. By using our services, you agree to the collection and use of information in accordance with this Privacy Policy, as applicable under the governing privacy laws of your jurisdiction. If you accept this Privacy Policy on behalf of an entity or organization, you represent and warrant that you have the authority to bind that entity or organization to this Privacy Policy and that such entity or organization agrees to be bound by the terms set forth herein.

Scope of This Privacy Policy

This policy applies to the personal data we collect from users, which may include both Interns and Campaign representatives, when they interact with our Platform. For the purposes of this Privacy Policy, a Campaign refers to any political campaign, candidate, or organization seeking to recruit interns or staff through the GLOVN Platform. It also describes the rights of users under the GDPR, the CCPA, the CPRA, and other applicable data protection and privacy laws. This policy covers personal data collected through our website, mobile applications, and any related services or communications. If you are accepting this Privacy Policy on behalf of an entity or organization, you represent and warrant that you have the authority to bind that entity or organization, and that such entity or organization agrees to be bound by the terms set forth in this Privacy Policy.

Data Collection

Our data collection process is separated into two categories: Intern and Campaign data. Below is a detailed list of the types of personal data collected in each category.

Interns

We collect the following data when you register and use the Platform as an intern:

• Name
• Email
• Political Affiliation
• Bio Information
• University attended/attending
• Home State
• Course of Study

Campaigns

We collect the following data when you register and use the Platform as a campaign representative:

• Name
• Email
• Political Affiliation
• Position Running
• State where running for office
• Bio Information
• Money available for interns
• Survey Data

Consent to Collect, Process, and Disclose Political Affiliation Information

1. Purpose of Collection and Use

We may collect and process information regarding your political affiliation ("Political Affiliation Information") to provide relevant services on our platform, including facilitating networking, connecting users with shared interests, and promoting public engagement.

This data will only be collected with your explicit consent and will be used for the purposes described in this Privacy Policy or any additional purposes that are clearly communicated and agreed to by you.

2. Legal Basis for Processing

By accepting this Privacy Policy, you are providing us with your explicit consent to process and publicly display on the Platform your Political Affiliation Information as part of your profile or in connection with Platform activities. This information will be accessible to other users and may be searchable by third parties depending on the privacy settings you choose.

Purpose of Data Collection

We process personal data for the following purposes to ensure that our Platform operates effectively, efficiently, and in compliance with relevant legal standards:

Providing and Managing the Platform

• Facilitating the matching of interns with political campaigns (as defined in this policy).
• Providing tools for managing user profiles, including account settings and preferences, and enabling seamless interactions between campaigns and interns.
• Ensuring proper functionality and performance of Platform features related to job postings, applicant tracking, and communication.

Analytics and Performance Monitoring

• Tracking Platform usage, user activity, and engagement patterns to enhance functionality, improve user experience, and identify potential system improvements.
• Generating reports and performance metrics to understand overall user engagement, including intern and campaign interactions.
• Conducting trend analysis to inform Platform updates and upgrades.

Communications

• Sending notifications related to Platform updates, security alerts, and new feature releases.
• Facilitating communications between interns and campaigns through messaging or email services within the Platform.
• Providing reminders, confirmations, or follow-up notifications regarding application submissions, interviews, or onboarding processes.

Compliance with Legal Obligations

• Complying with applicable legal obligations under the relevant privacy laws.
• Maintaining accurate and complete records as required by law.
• Ensuring that data subject rights (such as access, deletion, or correction) are respected and properly executed.

Billing and Payment

• Processing payments from campaigns for the use of Platform services and managing transaction records securely.
• Ensuring compliance with applicable financial and tax regulations.
• Verifying payment status and resolving any billing-related issues.

Security and Fraud Prevention

• Implementing security measures to protect user data from unauthorized access or misuse.
• Monitoring user activity to detect and prevent fraudulent or malicious actions on the Platform.
• Investigating and responding to security incidents or breaches in accordance with applicable laws.

Legal Basis for Processing

We process personal data in compliance with applicable data protection laws based on the following legal bases:

Consent

• When you explicitly provide your consent for specific data processing activities, such as subscribing to marketing communications, newsletters, or promotional updates.
• You have the right to withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
• Consent may also be required for certain optional data collection activities, such as surveys or feedback forms.

Contract

• To fulfill our contractual obligations when you register, create an account, and use our Platform.
• This includes facilitating interactions between interns and campaigns, processing applications, managing accounts, and delivering services as specified in our terms and conditions.
• Personal data necessary to perform contractual obligations includes contact information, billing details, and usage activity.

Legal Obligation

• To comply with applicable laws, regulatory requirements, and lawful requests from authorities.
• This includes tax, financial, and data protection obligations, such as maintaining accurate financial records and facilitating data subject rights under the applicable privacy laws.
• We may process data for audits, legal investigations, and responding to legal claims.

Legitimate Interests

• To provide and continuously improve the Platform’s functionality, security, and overall user experience.
• This includes monitoring usage trends, addressing technical issues, and enhancing performance to ensure users have a positive experience.
• To detect and prevent fraud, unauthorized access, or misuse of the Platform.
• For internal research, business analytics, and operational management aimed at optimizing services and business performance.
• To maintain the security of the Platform, including network integrity, data security, and fraud prevention.

Public Interest or Vital Interests

• In limited situations, we may process personal data when it is necessary to protect an individual’s vital interests, such as in emergencies involving health or safety.
• This basis may also apply if the processing is necessary for tasks carried out in the public interest or under official authority, if applicable to our services.

Data Sharing and Transfers

We take your privacy seriously and only share personal data with third parties when necessary and under appropriate safeguards. Below are the circumstances under which we may share your data:

Service Providers

• We may share your personal data with trusted third-party service providers that assist in delivering and maintaining our platform and services. These service providers include, but are not limited to:
  • Cloud hosting providers and data storage services to ensure platform availability and performance.
  • Payment processors to facilitate billing and payment-related activities.
  • IT service providers for maintenance, troubleshooting, and security monitoring.
  • Marketing and analytics providers for tracking usage and improving the platform experience.
• All service providers are contractually bound to process your data only for the purposes outlined in this policy and are required to implement appropriate security measures.

Legal Compliance

• We may disclose your personal data when required to do so by law, regulation, or court order, or to protect our legal rights and comply with legal obligations. This includes:
  • Responding to subpoenas, legal proceedings, or regulatory requests.
  • Addressing claims of misuse or illegal activities associated with our platform.
  • Preventing fraud, security breaches, or other unlawful activities.

Business Transfers

• In the event of a merger, acquisition, reorganization, or sale of assets, your personal data may be transferred as part of the transaction. In such cases, we will ensure that the recipient organization is contractually obligated to maintain privacy standards consistent with this policy.
• If a transfer occurs, you will be notified through appropriate channels, and your rights regarding the transferred data will be preserved.

Affiliates

• We may share your data with our affiliated entities or subsidiaries to support operational activities and provide services. Any sharing with affiliates will be subject to the same privacy and security standards outlined in this policy.

Third-Party Integrations

• If you choose to interact with third-party services integrated into the platform (e.g., payment gateways or social media features), your data may be shared with those third parties as necessary. Such interactions are governed by the third parties' privacy policies, which we encourage you to review.

International Data Transfers

We may transfer your personal data to countries outside of your country of residence, including but not limited to the United States, the European Union, and other regions where we or our service providers operate.

• Compliance with Data Protection Laws: All international data transfers will be carried out in compliance with applicable privacy law.
• Standard Contractual Clauses (SCCs) and Equivalent Mechanisms: Where required, we implement safeguards such as SCCs, Binding Corporate Rules (BCRs), or other legally approved transfer mechanisms to protect your personal data during international transfers.
• Data Transfer Impact Assessments: For transfers to countries outside the EU or other jurisdictions with stringent privacy laws, we conduct assessments to ensure that adequate protection is in place.

Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, as outlined in this policy, or as required by applicable laws and regulations. Our data retention practices comply with the obligations set forth under the applicable privacy laws.

Retention Periods:

1. General Retention Limit: Unless otherwise required by law, personal data will be retained for no longer than five (5) years from the date the user ceases to use the Platform or terminates their account.
2. Legal Exceptions: Retention periods may be extended where:
   • Applicable laws or regulations require a longer retention period (e.g., tax, financial, or regulatory compliance).
   • Ongoing legal obligations, disputes, or enforcement of our agreements necessitate the retention of specific data.
   • Archiving purposes are required to fulfill public interest, research, or statistical objectives under applicable data protection laws.

Retention Categories:

We categorize data based on its nature and purpose, and retention periods vary accordingly:

• Account Information: Retained for a maximum of 5 years unless otherwise required by law.
• Financial and Transactional Records: Retained as mandated by tax and accounting regulations.
• Communication Records: Retained for dispute resolution and customer support purposes for up to 5 years or as required by legal obligations.

Deletion and Anonymization:

At the end of the applicable retention period, personal data will be securely deleted, anonymized, or pseudonymized, ensuring that it can no longer be linked back to any individual, in compliance with applicable privacy laws.

Your Rights

We are committed to respecting and protecting your rights regarding your personal data under applicable laws.

Data Subject Rights:

Individuals have the right to request the deletion of their personal data at any time, subject to exceptions allowed by applicable privacy laws, including where retention is necessary for:

• Compliance with legal obligations.
• Establishment, exercise, or defense of legal claims.
• Completion of ongoing transactions or services.

As a data subject, you have the following rights:

1. Right to Access:
   You have the right to request confirmation as to whether we are processing your personal data, and if so, to obtain a copy of the personal data we hold about you, along with details regarding how it is processed.
2. Right to Rectification:
   You can request that we correct any inaccurate or incomplete personal data. If we have shared this data with third parties, we will inform them of the correction where possible.
3. Right to Erasure (Right to be Forgotten):
   You can request the deletion of your personal data under certain conditions, including when:
   • The data is no longer necessary for the purposes for which it was collected.
   • You have withdrawn your consent, and no other legal basis exists for processing.
   • The data has been unlawfully processed.
4. Note: There may be exceptions where we are legally required to retain your data.
5. Right to Restrict Processing:
   You can request that we limit the processing of your personal data under the following circumstances:
   • You contest the accuracy of the data.
   • The processing is unlawful, and you request restriction instead of deletion.
   • We no longer need the data, but you require it for the establishment, exercise, or defense of legal claims.
6. Right to Data Portability:
   You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to request that we transmit it to another controller where technically feasible.
7. Right to Object:
   You can object to the processing of your personal data where:
   • Processing is based on legitimate interests, and you contest the basis for such processing.
   • Your data is used for direct marketing purposes (in which case, we will immediately stop processing).
8. Right to Withdraw Consent:
   If we rely on your consent to process your personal data, you have the right to withdraw your consent at any time. The withdrawal will not affect the lawfulness of any processing conducted prior to the withdrawal.

Exercising Your Rights:

To exercise any of the rights listed above, please contact us at [insert contact information]. We may request verification of your identity to ensure the security of your data before processing your request.

Data Security

We prioritize the protection of personal data and have implemented comprehensive technical and organizational measures to safeguard it against unauthorized access, loss, misuse, alteration, or destruction. Our security measures are designed to comply with the requirements of the applicable privacy laws.

Technical and Organizational Measures:

Our approach to data security includes the following safeguards:

1. Encryption:
   • We use encryption technologies (both in transit and at rest) to ensure that personal data is secure and protected from unauthorized access.
2. Access Controls:
   • Access to personal data is restricted to authorized personnel only, based on the principle of least privilege. Access is granted only where it is necessary to perform specific tasks.
   • We implement multi-factor authentication and password policies to further secure access.
3. Data Minimization:
   • We limit the personal data we collect and process to only what is necessary for the specific purposes described in this policy, reducing the risk of unauthorized or accidental exposure.
4. Regular Security Assessments and Audits:
   • We conduct regular risk assessments, vulnerability scans, penetration testing, and security audits to identify and mitigate potential threats to data security.
   • Security measures are regularly reviewed and updated in response to evolving risks, emerging threats, and changes in applicable legal requirements.
5. Monitoring and Incident Response:
   • We maintain systems for continuous monitoring of our networks and applications to detect, prevent, and respond to any security breaches or incidents.
   • A data breach response plan is in place to ensure that any security incident is promptly addressed, and where required, reported to the relevant supervisory authority.
6. Data Integrity and Confidentiality:
7. Personal data is processed and stored in a manner that ensures its integrity and confidentiality, protecting it from unauthorized modification, tampering, or exposure.

Third-Party Links

Our Platform may contain links to third-party websites, applications, or services that are not operated or controlled by us. We provide these links for convenience and informational purposes only. However, we are not responsible for the privacy practices, security measures, or content of such third-party websites.

Disclaimer of Responsibility:

• Once you leave our Platform and access a third-party site, any personal data you provide is governed by that third party’s privacy policy and practices, which may differ from ours.
• We strongly encourage you to read the privacy policies of any third-party website before submitting any personal data or engaging with their services.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our data processing practices, technological developments, or legal obligations under applicable privacy laws.

Notification of Changes:

1. Material Changes: If we make material changes that affect how personal data is collected, processed, or shared, we will notify users by:

   • Posting a notice on our Platform.
   • Sending an email notification where applicable.

2. Effective Date: The “Last Updated” date at the top of this policy will be revised to reflect when the latest changes were made.

3. Continued Use: By continuing to use our Platform after any changes take effect, you acknowledge and agree to the revised Privacy Policy. If you do not agree to any changes, you may exercise your rights under privacy laws A or discontinue using our services.

Contact Information

If you have any questions, concerns, or requests related to this Privacy Policy or our data practices, you can reach us at:

GLOVN
[Company Address]
Email: [Insert contact email]