Task Analytics is GDPR compliant

Last updated: September 11th, 2024


Task Analytics is explicitly compliant with GDPR. We strive to maintain the highest level of information security awareness and compliance in our product and infrastructure, as well as in our daily work activities. Our Subcontractors, Privacy policy and Data processing agreement has been revised according to the Schrems II GDPR requirements.

You may contact us at help@taskanalytics.com for any enquiries.

Resources

  1. Data Processing Agreement
  2. Privacy Policy
  3. Schrems II FAQ
  4. All Privacy, Data & Security-related help articles

Summary

Data Collection

Task Analytics uses a survey (example) to collect responses and anonymous device data from visitors on a website. We collect our clients name and email address when they register for their user account. See our Privacy Policy for all details about which data is collected.

Data collected from the survey

We do not store personal information unless it's provided by the respondent, e.g. in open-ended responses. If a response contains Personal Identifiable Information (PII), the client is able to delete these specific responses. ​ Task Analytics does not track visitors' full IP address, email address or other information that can be traced back to individuals. IP addresses of users filling out the survey are not stored.

Data collected from clients

You need a Task Analytics account to access our Service. When you register for an account, we collect your name and email address. Your password, while collected, is stored securely only in a hashed form.

Data Storage

Data is stored in the European Union.​​

Subcontractors

Task Analytics uses the following service providers. For more details, see Appendix 3 in our Data Processing Agreement.

  1. ArangoDB Oasis as a management service for multi-model databases.
  2. Heroku Cloud platform to build, deliver, monitor and scale apps.
  3. SendInBlue for managing customer contact lists for product-related and marketing communication.
US Subcontractors and Schrems II

We have taken a number of measures to legalize the US data transfers.

  1. Review of subcontractors
  2. Changes in subcontractors
  3. Updated DPA with the EU's Standard Contractual Clauses

We have Data Processing Agreements based on EU's Standard Contractual Clauses (SCC) in place with all our US subcontractors. We continue working proactively with our US subcontractors to ensure that Schrems II requirements, as well as EDPB's recommendations 01/2020 (supplementary transfer tools) and 02/2020 (essential guarantees), will be complied with.

This entails i.a. sufficient physical and logical restrictions, e.g. robust, state-of-the-art encryption in transit/at rest (with reliable key management and US subcontractors not having access to keys), and that our US subcontractors will challenge law enforcement requests and always disclose the minimum amount of data necessary. We will also focus on implementing new draft Standard Contractual Clauses as published by the EU Commission.

For further details read our Schrems II FAQ.

Access to your data

Survey responses are collected in a dashboard. Only users who are specifically invited into a dashboard can see the data. In addition, employees in Task Analytics with access rights as “superuser” can see client dashboards. Superusers in our team are citizens and located in the EU. Task Analytics can, after a review, potentially sign a NDA with clients if requested.