OneTaskList Privacy Policy

About this policy

This privacy policy sets out how OneTaskList uses and protects any information that you give OneTaskList access to when you use this service. The aim is to be as transparent as possible to establish trust and assure you that your data rights are protected, and your data is safe.

OneTaskList is committed to ensuring that your privacy is protected. Should we ask you to provide information by which you can be identified, you can be assured that it will only be used in accordance with this privacy statement.

By logging into OneTaskList you are accepting the terms of this policy. If you do not agree with this policy, do not access or use OneTaskList.

In this Policy

• What personal data we collect
• What we do with the data we collect
• EU Lawful basis for processing your data
• What we share with 3^rd Parties
• Your access and control of your data
• How we use cookies
• Data security
• Data retention
• Where we store and access your data
• Collection of data from children
• Changes to this policy
• How to contact us

What personal data we collect

We collect both information you provide directly into OneTaskList and data you provide by consenting to connect other services to OneTaskList.

The below information is required for OneTaskList to provide you with the service.

• Identity, account and profile information as provided through your selected third-party authentication provider (e.g. Microsoft, Google, etc.):
  • First and Last Name
  • Email address
  • Authentication provider Identifier
  • Public profile image URL (where available)
• Task information from the user that may or may not contain personal data. For example:
  • Task data entered directly into our service such as the title, notes and sub tasks.
  • Task data provided by services you connect such as Google or Microsoft.
• Data provided to feedback/support systems to help us address any issues or enhancements.
• Payment information provided to our subscription service.
• Telemetry information about your use of the service such as what features you use and any feedback you provide.
• Browser/Device and connection information such as type of browser, location and any IP address so we can maintain and our service and secure your data against threats.

What we do with the data we collect

We use this information to understand your needs and provide you with a better service.

We will never sell or pass your information onto any third party nor will we use this information for any reason not listed below:

• To improve our products and services.
• For internal record keeping.
• We may periodically send promotional email about new products, special offers or other information which we think you may find interesting.
• For market research purposes.
• To customize the website according to your interests.

EU Lawful basis for processing your data

EU laws require us to specify which of the defined lawful bases apply allowing us to process your personal data. This means we process your data only where:

• You have given consent for the service to store and process your personal data for the specified purpose.
• By subscribing to the service, a contract is established for us to provide the service. We need the data to provide, operate, support, personalize features and to protect the safety and security of the Services.
• It satisfies our legitimate interest to research, measure, develop, market, promote and protect the services.
• We have a legal obligation to store you customer data and track subscriptions.

What we share with 3^rd Parties

We store your task data in 3^rd party services in certain scenarios. This includes storage of data in backend services to help us manage and support our services.

Specified below are all required as part of providing our services as configured and contracted by you or your organisation.

• The user can configure task data to be pushed to other services within the service.
• Task data is stored in compliant trusted 3^rd party services such as our CRM, Subscription Management, Support services.
• Aggregate statistics may be shared with your employer if your subscription is provided by your organisation.
• High level aggregated and anonymous statistics may be shared publicly to measure and demonstrate the efficiency and trends of task management within our service.

Your access and control of your data

To protect your data rights, you have the following options:

• Maintain the accuracy of your profile data via your selected authentication provider, this will then filter through to our service on log in.
• Maintain the accuracy of any task information directly within the service.
• Your right to be forgotten/erasure or to have your account deleted will be processed from all our systems within 30 days of a request being made through the contact channels outlined in this policy.
• If at any time you would like to opt-out of communications, this can be done through the unsubscribe link in any automated email communications or by contacting us through the channels outlined in this policy.
• To protect your right to data portability you can request your data at any time through the below contact channels. We will provide as required by law a file or series of files containing all your personal data including task information in an unencrypted machine readable json format.

Automation of the application of these controls is the aim, but due to the complexity of the different back end systems some level of manual processing will be required.

How we use cookies

A cookie is a small file which asks permission to be placed on your computer's hard drive. Once you agree, the file is added and sent with each request by the browser to our service, and the cookie allows us to store certain information about your session to allow us to remember who you are logged in as or that you have agreed to this policy.

Without cookies you will not be able to log in to or to connect to most other services to present a single view of your tasks.

Traditionally cookies are also used to store preferences locally as you use the service, using local storage processed in your browser, which is done on the client so none of this information is sent to the service.

A cookie in no way gives us access to your computer or any information about you, other than the cookie id.

You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser settings to decline cookies if you prefer. This will prevent you from making full use of the service.

Data security

We use Microsoft Azure PaaS to provide our service and follow best practice recommendations to secure your data with the application which has been built within their service.

• All communication over web services is processed securely in flight via TLS (https).
• All data is encrypted at rest both by physical means within the storage service as provided in case the physical storage is stolen as well as additional encryption by our service to ensure even if someone gains access to the storage via the cloud tools that the data is not readable.
• Access to raw data by our staff is limited to those who have an explicit need and have passed the required security/police checks.

While we follow best practice to protect your data, no system is 100% impenetrable. As guided by law, we will notify you and any relevant authority if your data is compromised or lost with 72 hrs of such a breach being noticed.

Data retention

We will not store your data longer than required.

• Aggregate data will be kept long term so we can provide you metrics/numbers on your efficiency but also anonymously at a higher level for us to track efficiency of the system.
• Any data deleted through the service will be removed permanently.
• 90 days after your subscription has expired, providing a timespan for you to renew your subscription.
• Base level task information will remain in your service.

Where we store and access your data

Primarily your personal data including task details will be stored in the region you select when first signing up to our service after login. By selecting a region, you are consenting to the transfer and storage of your data in this region.

Additionally, our staff with explicit need such as our system administrators, sales, support and marketers will have access to the necessary profile information to perform their appropriate job. At this point most of these users are located in Australia.

Data stored in trusted 3^rd party services such as CRM, Subscription Management and Support services will be stored in compliant locations with Data Privacy laws or in the same region as our offices.

Collection of data from children

Our service is not directed to individuals underage (exact age can vary per country/region), and we will do not knowingly collect personal information from children.

If you are a child and wish to use the service, please contact us via the below details so we can obtain consent from your parent or guardian.

At such a time that it becomes apparent that a child is using our service and we are unable to obtain consent from their parent or guardian we will delete and block the account of the child. If you are aware of child using our service without said consent, please contact us by the below mechanisms.

Changes to this policy

We may change this policy from time to time by updating this page. In advance of such a time we will notify any existing consented users via the email address we have been provided.

If the changes are significant, we will notify you via the service and may prompt for consent again, highlighting the changes.

How to contact us

If there any questions or concerns about how we store and process your personal data, please contact by one of the following means and we will do everything we can to address them:

• Feedback through the service once logged in
• A message via our website (http://about.onetasklist.com/)
• Contact details
  OneTaskList
  C/O Sensei Project Solutions
  Level 11,
  446 Collins St
  Melbourne
  VIC, 3000
  Australia
  Email: info@onetasklist.com