Addendum B – Privacy Policy

Effective Date: August 29, 2025

Applies To: VisualCV and Workstory users and affiliates

1. Introduction

Workstory Inc. (“Workstory”, “we”, “us”, “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you interact with our websites VisualCV.com and Workstory.com (the “Site”) and our services. By using our Site or services, you consent to the practices described herein.

2. Who This Policy Applies To

This Privacy Policy applies to all users of our Websites and services, regardless of location. However, specific rights may vary depending on your jurisdiction (e.g., EU, California, Canada).

Our services are not intended for children under 16. If you are under 16, do not use our Websites or provide any personal information. We reserve the right, but are not obligated, to delete any data we believe belongs to a child under 16.

3. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Material changes will be posted prominently on our homepage for 30 days. Please check the “Effective Date” above to ensure you are reviewing the latest version. Continued use of our Websites after changes are posted constitutes your acceptance of the updated terms.

4. Legal Basis and Jurisdiction

By using our services, you agree that Canadian law—specifically the laws of British Columbia—governs this Privacy Policy. If you reside in the EU, you also have rights under the General Data Protection Regulation (GDPR).

Our lawful bases for processing include:

• Consent
• Contractual necessity
• Legitimate interests
• Legal obligations

You consent to the transfer of your personal information to countries outside your own, including Canada and the United States, and to processing by third-party service providers in those jurisdictions.

5. What Information We Collect

• A. Personal Information

  • Information that identifies you directly or indirectly, including name, email address, location, education, employment history, resume content, profile details, IP address, device identifiers, and usage data.

• B. Non-Personal Information

  • Aggregated or anonymized data such as browser type, operating system, screen resolution, pages visited, time spent on site, and technical analytics.

6. How We Collect Information

• Directly from you (e.g., registration, resume uploads, communications)
• Automatically via cookies, pixel tags, and analytics tools
• Through third-party services (e.g., payment processors) For example: When you make a purchase, your payment is processed by our authorized merchant of record. To complete your transaction, you will be required to share personal and payment information directly with them. Their use of your information is governed by their own privacy policy, which will be made available to you during the checkout process.

7. Cookies and Tracking Technologies

We use cookies and pixel tags to improve functionality, analyze usage patterns, and deliver targeted advertising.

You can manage cookie preferences in your browser settings. First-party cookies are required for registered users to access core features.

8. How We Use Your Information

We use your information to provide and personalize services, communicate with you, analyze and improve our Websites, and comply with legal obligations.

You may opt out of marketing communications at any time via unsubscribe links or by contacting us.

9. How We Share Your Information

We do not sell your personal information.

We may share data with third-party service providers, authorized parties (resume sharing), business partners in case of merger or acquisition, or legal authorities as required by law.

10. International Data Transfers

Your data may be stored and processed in countries outside your own. We use contractual safeguards such as Standard Contractual Clauses for EU residents.

11. Data Security and Breach Notification

We implement industry-standard security measures such as secure hosting, encryption, access controls, and staff training.

In the event of a data breach affecting your personal information, we will notify you and relevant authorities as required by law.

12. Your Rights

Depending on your location, you may have the right to access, correct, delete, object to processing, withdraw consent, or request portability of your data.

EU residents: rights under GDPR.

California residents: rights under CCPA/CPRA including right to know, delete, opt out of data sharing, and non-discrimination.

13. Data Retention

We retain your data as long as necessary to provide services or comply with legal obligations. You may delete your account at any time. Deleted data is securely removed.

You understand that if any of your data, was previously accessed, stored and/or copied by others, while being shared or while publicly available, we have no control over that copied data and are unable to delete the information from their systems and it may be still visible to those parties.

14. Third-Party Links

Our Websites may link to external sites. We are not responsible or liable for the privacy practices, content, or security of such external sites. Please review their policies before sharing your information.

15. Automated Processing and AI

Some processing may involve automated decision-making or AI features, governed by our Enhanced Product Features Use Policy. By using our services, you acknowledge and agree that such features may be used to provide or enhance our offerings, and you accept any risks associated with automated processing to the extent permitted by law.

16. Complaints and Supervisory Authorities

If you are unsatisfied with our response to a privacy request, you may contact the Office of the Privacy Commissioner of Canada or your local supervisory authority.

17. Contact Information

Privacy Officer at Workstory Inc. Email: legal@workstory.com