Privacy Statement

Last updated: 11 August 2025

1. Scope

This Privacy Statement applies to all Users of Tota’s Platform: Clients, Suppliers, Freelancers, and Candidates. It pertains to the processing of personal data collected, processed, and secured by Tota through its digital environment.

2. Controller

Tota B.V., located at Librijesteeg 207, 3011 HN Rotterdam, is the controller for the processing of personal data as described in this statement.


Contact: service@totatech.com

3. Personal Data We Process

Tota processes personal data actively provided by you and data automatically generated during the use of the Platform. This includes, among others:

  • Identification Data: Name, gender, date of birth, email address, phone number.
  • Account Data: Login credentials, preferred language, user role (Client, Supplier, Freelancer, Candidate).
  • Location Data: Location data, such as IP addresses, for security and analytical purposes.
  • Professional Information: CV, skills, experience, availability, rate, LinkedIn URL.
  • Screening Data: Results of background checks (integrity, identity, criminal records) conducted by an external party.
  • Communication Data: Messages and interactions via the Platform.
  • Billing Data: Bank details (if necessary for transactions), payment history.
  • Cookies: And similar technologies for functional, analytical, and marketing purposes. See our Cookie Policy for more information.

Tota does not collect special categories of personal data unless required for legal screenings and with explicit consent.

4. Purposes of Data Processing

Tota processes your data solely for the following purposes:

  • Creating and managing accounts on the Platform.
  • Facilitating Matches between Clients and Candidates.
  • Enabling communication between involved parties.
  • Processing requests for screenings (via Validdo or approved external partners).
  • Improving the service and user experience.
  • Enhancing the functionality of the Platform.
  • Complying with legal obligations (e.g., for tax and administrative retention requirements).
  • Sending newsletters, updates, or service messages (with an opt-out option).

5. Legal Bases for Processing

Tota processes personal data based on the following legal grounds under the GDPR:

  • Performance of a contract (e.g., use of the Platform).
  • Compliance with legal obligations.
  • Consent of the data subject (e.g., for newsletters or screenings).
  • Legitimate interests of Tota (e.g., security, service provision, business communication).

6. Data Sharing with Third Parties

Tota only shares personal data with third parties when necessary for the performance of its services. This includes:

  • Clients: After a Match, relevant Candidate data is shared with the respective Client.
  • Screening Partners: For screenings, only the Candidate’s name and email address are shared with Validdo or another pre-approved, independent, internationally operating screening party.
  • External Service Providers: Such as hosting providers, email software, or accounting firms, provided they are bound by data processing agreements.
  • Legal Authorities: Only if Tota is legally obliged to do so.
    Tota will never sell or provide personal data to third parties for commercial purposes.

7. Data Security

Tota takes appropriate technical and organizational measures to protect personal data against loss, unauthorized access, misuse, or disclosure. Examples include:

  • SSL encryption of data traffic.
  • Strong authentication for user logins.
  • Restricted access to data based on authorization levels.
  • Monitoring of suspicious activities.
  • Data breach protocol and notification obligation.

8. Retention Periods

Tota retains personal data no longer than necessary for the purposes for which it is processed. Guidelines:

  • Candidate Data: Up to 12 months after profile deactivation.
  • Client and Supplier Data: Up to 5 years after termination of the collaboration (due to tax obligations).
  • Screening Data: Up to 12 months after screening or as long as legally required.

9. Rights of Data Subjects

As a data subject, you have the following rights:

  • Right to access your personal data.
  • Right to correction of inaccurate data.
  • Right to erasure (‘right to be forgotten’).
  • Right to restriction of processing.
  • Right to object to automated decision-making.
  • Right to data portability.
  • Right to object to processing.
  • Right to withdraw consent (e.g., for newsletters).
    You can submit a request via service@totatech.com. Tota will respond within 30 days.
    If you believe Tota is not acting in accordance with the GDPR, you have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens).

10. Newsletters

Upon registration on the Platform, your email address is automatically added to Tota’s mailing list. You will receive functional updates and news. Each newsletter includes an ‘unsubscribe’ link for easy opt-out.

11. Changes to this Statement

Tota reserves the right to amend this Privacy Statement. Substantive changes will be announced in advance via email or a notification within the Platform. The most current version is always available on the website.

12. Contact Details

Tota B.V.
Librijesteeg 207
3011 HN Rotterdam
E-mail: service@totatech.com