TZ
TaskZen
LoginSign Up

Legal Documents

Data Processing Agreement

Last updated: March 18, 2025

1. Introduction

This Data Processing Agreement ("DPA") forms part of the Terms of Service between TaskZen.me ("Processor") and the user ("Controller") and applies to the extent that TaskZen.me processes Personal Data on behalf of the user in the course of providing the Service.

This DPA is designed to ensure compliance with applicable data protection laws, including the European Union's General Data Protection Regulation (GDPR), and sets out the parties' obligations with respect to the processing of Personal Data.

2. Definitions

In this DPA, the following terms shall have the meanings set out below:

  • "GDPR" means the General Data Protection Regulation (EU) 2016/679.
  • "Personal Data" means any information relating to an identified or identifiable natural person as defined in the GDPR.
  • "Processing" means any operation or set of operations which is performed on Personal Data, as defined in the GDPR.
  • "Data Subject" means an identified or identifiable natural person to whom the Personal Data relates.
  • "Supervisory Authority" means an independent public authority established pursuant to Article 51 of the GDPR.
  • "Sub-processor" means any processor engaged by TaskZen.me to process Personal Data on behalf of the user.

3. Scope and Purpose of Processing

TaskZen.me shall process Personal Data only for the purpose of providing the Service as described in the Terms of Service and in accordance with the user's instructions. The processing activities include:

  • Storing and organizing user tasks, schedules, and productivity data
  • Processing authentication and account information
  • Facilitating sharing and collaboration features
  • Generating analytics and insights
  • Providing customer support
  • Improving and maintaining the Service

4. Duration of Processing

TaskZen.me shall process Personal Data for the duration of the user's subscription to the Service, unless otherwise required by applicable law or agreed between the parties.

Upon termination of the Service, TaskZen.me shall delete or return all Personal Data to the user, as requested, and delete existing copies unless storage is required by applicable law.

5. Obligations of TaskZen.me

TaskZen.me shall:

  • Process Personal Data only on documented instructions from the user, including with regard to transfers to third countries
  • Ensure that persons authorized to process Personal Data have committed themselves to confidentiality
  • Implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk
  • Assist the user in ensuring compliance with their obligations under the GDPR
  • Assist the user in responding to requests from Data Subjects exercising their rights under the GDPR
  • Notify the user without undue delay after becoming aware of a Personal Data breach
  • At the user's choice, delete or return all Personal Data after the end of the provision of services
  • Make available to the user all information necessary to demonstrate compliance with the obligations in this DPA

6. Sub-processing

The user provides general authorization for TaskZen.me to engage Sub-processors for the processing of Personal Data. TaskZen.me shall maintain a list of current Sub-processors and shall inform the user of any intended changes concerning the addition or replacement of Sub-processors.

TaskZen.me shall ensure that any Sub-processor it engages provides at least the same level of data protection as set out in this DPA and shall remain fully liable to the user for the performance of the Sub-processor's obligations.

7. Data Subject Rights

TaskZen.me shall, to the extent legally permitted, promptly notify the user if it receives a request from a Data Subject to exercise their rights under the GDPR. TaskZen.me shall assist the user in responding to such requests, taking into account the nature of the processing.

8. Data Protection Impact Assessment

TaskZen.me shall provide reasonable assistance to the user with any data protection impact assessments and prior consultations with Supervisory Authorities that the user is required to carry out under the GDPR.

9. Personal Data Breach

In the event of a Personal Data breach, TaskZen.me shall notify the user without undue delay after becoming aware of the breach. The notification shall include:

  • A description of the nature of the breach
  • The categories and approximate number of Data Subjects concerned
  • The categories and approximate number of Personal Data records concerned
  • The likely consequences of the breach
  • The measures taken or proposed to address the breach

10. Audit Rights

TaskZen.me shall allow for and contribute to audits, including inspections, conducted by the user or an auditor mandated by the user to verify compliance with this DPA.

11. International Transfers

TaskZen.me shall not transfer Personal Data to a third country or international organization unless adequate safeguards are in place, such as standard contractual clauses approved by the European Commission.

12. Governing Law

This DPA shall be governed by the laws specified in the Terms of Service, without regard to choice or conflicts of law rules.

13. Modifications

This DPA may only be modified by a written amendment signed by both parties.

14. Contact Information

For questions regarding this DPA, please contact:

Email: privacy@taskzen.me
Address: TaskZen Inc., 123 Productivity Lane, Suite 456, San Francisco, CA 94103, USA