Privacy Policy
Last Updated: [DATE]
1. Introduction
This Privacy Policy explains how [COMPANY NAME] (“we”, “us”, “our”) collects, uses, processes, and protects your personal data when you use our task management service (the “Service”). This policy is designed to comply with the General Data Protection Regulation (GDPR) and Dutch data protection laws.
Data Controller:
- Company Name: [COMPANY NAME]
- Address: [COMPANY ADDRESS]
- Chamber of Commerce Number: [KVK NUMBER]
- Email: [PRIVACY EMAIL]
2. What Personal Data We Collect
We collect and process the following categories of personal data:
2.1 Account Information
- Name
- Email address
- Password (encrypted)
- Profile picture (optional)
2.2 Usage Data
- Tasks, projects, and lists you create
- Due dates and task priorities
- Task completion status
- Comments on tasks
2.3 Technical Data
- IP address
- Browser type and version
- Device information
- Log data and cookies
- Access times and dates
2.4 Authentication Data (if applicable)
- OAuth provider information (Google, GitHub, etc.)
- OAuth tokens (encrypted)
3. Legal Basis for Processing
We process your personal data based on the following legal grounds under GDPR Article 6:
3.1 Contract Performance (Art. 6(1)(b))
Processing is necessary to provide the Service and fulfill our contractual obligations to you.
3.2 Consent (Art. 6(1)(a))
We obtain your explicit consent for:
- Optional cookies and analytics
- Marketing communications (if applicable)
- Processing of optional profile information
3.3 Legitimate Interest (Art. 6(1)(f))
We have a legitimate interest in:
- Preventing fraud and ensuring security
- Improving our Service
- Analyzing usage patterns
3.4 Legal Obligation (Art. 6(1)(c))
Processing necessary to comply with legal requirements, such as:
- Tax and accounting obligations
- Responding to lawful requests from authorities
4. How We Use Your Personal Data
We use your personal data for the following purposes:
- Service Provision: To create and manage your account, store your tasks, and provide core functionality
- Communication: To send service-related notifications, updates, and respond to your inquiries
- Security: To protect against unauthorized access, fraud, and abuse
- Improvement: To analyze usage patterns and improve the Service
- Legal Compliance: To comply with applicable laws and regulations
- Marketing: To send promotional materials (only with your consent)
5. Data Retention
We retain your personal data for as long as necessary to fulfill the purposes outlined in this policy:
- Active Accounts: Data is retained while your account is active
- Deleted Accounts: Data is permanently deleted within 30 days of account deletion
- Legal Requirements: Some data may be retained longer to comply with legal obligations (e.g., tax records for 7 years)
- Backups: Data in backups is automatically deleted according to our backup retention schedule (maximum 90 days)
6. How We Share Your Data
We do not sell your personal data. We may share your data only in the following limited circumstances:
6.1 Service Providers
We use trusted third-party service providers to help us operate the Service:
- Hosting providers (servers located in [EU/REGION])
- Email service providers
- Analytics providers (with anonymization where possible)
- Payment processors (if applicable)
All service providers are contractually bound to protect your data and process it only according to our instructions.
6.2 Legal Obligations
We may disclose your data if required by law or in response to valid legal requests from authorities.
6.3 Business Transfers
In the event of a merger, acquisition, or sale of assets, your data may be transferred to the new owner, subject to the same privacy protections.
7. International Data Transfers
Your data is primarily stored and processed within the European Union. If we transfer data outside the EU, we ensure appropriate safeguards are in place:
- Standard Contractual Clauses approved by the European Commission
- Adequacy decisions by the European Commission
- Other legally approved transfer mechanisms
8. Your Rights Under GDPR
As a data subject in the EU/Netherlands, you have the following rights:
8.1 Right of Access (Art. 15)
You can request a copy of the personal data we hold about you.
8.2 Right to Rectification (Art. 16)
You can request correction of inaccurate or incomplete personal data.
8.3 Right to Erasure / “Right to be Forgotten” (Art. 17)
You can request deletion of your personal data in certain circumstances.
8.4 Right to Restriction of Processing (Art. 18)
You can request that we limit how we process your data.
8.5 Right to Data Portability (Art. 20)
You can request your data in a structured, commonly used, and machine-readable format.
8.6 Right to Object (Art. 21)
You can object to processing based on legitimate interests or for direct marketing purposes.
8.7 Right to Withdraw Consent (Art. 7(3))
Where processing is based on consent, you can withdraw it at any time.
8.8 Right to Lodge a Complaint
You have the right to file a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens):
- Website: https://autoriteitpersoonsgegevens.nl
- Phone: (+31) - (0)70 - 888 85 00
- Address: Postbus 93374, 2509 AJ Den Haag, Netherlands
How to Exercise Your Rights: To exercise any of these rights, please contact us at [PRIVACY EMAIL]. We will respond to your request within 30 days.
9. Data Security
We implement appropriate technical and organizational measures to protect your personal data:
9.1 Technical Measures
- Encryption of data in transit (TLS/SSL)
- Encryption of passwords and sensitive data at rest
- Regular security updates and patches
- Secure authentication mechanisms
- Automated backups
9.2 Organizational Measures
- Access controls and principle of least privilege
- Employee training on data protection
- Regular security audits
- Incident response procedures
- Data breach notification procedures
9.3 Data Breach Notification
In the event of a data breach that poses a risk to your rights and freedoms, we will:
- Notify the Dutch Data Protection Authority within 72 hours
- Notify affected users without undue delay
- Provide information about the breach and mitigation steps
10. Cookies and Tracking Technologies
We use cookies and similar technologies to enhance your experience:
10.1 Essential Cookies
Required for the Service to function (e.g., session management, authentication). These do not require consent under Dutch law.
10.2 Functional Cookies
Used to remember your preferences and settings. These require consent.
10.3 Analytics Cookies
Used to understand how you use the Service. These require consent.
10.4 Managing Cookies
You can control cookies through your browser settings. Note that disabling essential cookies may affect Service functionality.
For more information, see our Cookie Policy [LINK TO COOKIE POLICY IF SEPARATE].
11. Third-Party Services
Our Service may contain links to third-party websites or integrate with third-party services. We are not responsible for their privacy practices. We encourage you to read their privacy policies.
Third-Party Services We Use:
- [LIST SPECIFIC SERVICES, e.g., Google OAuth, Stripe, etc.]
12. Children’s Privacy
Our Service is not intended for individuals under 16 years of age (the minimum age for consent under GDPR in the Netherlands). We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us immediately.
13. Automated Decision-Making and Profiling
We do not use automated decision-making or profiling that produces legal effects or similarly significantly affects you.
14. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will:
- Notify you of material changes via email or Service notification
- Update the “Last Updated” date at the top of this policy
- Obtain your consent if required by law
We encourage you to review this policy periodically.
15. Data Protection Officer
[If you have appointed a DPO, include their contact information here. Most small businesses are not required to appoint a DPO unless they process sensitive data on a large scale.]
16. Contact Us
If you have questions about this Privacy Policy or how we handle your personal data, please contact us:
- Email: [PRIVACY EMAIL]
- Address: [COMPANY ADDRESS]
- Phone: [PHONE NUMBER]
We will respond to your inquiry within a reasonable timeframe, typically within 30 days.
17. Specific Information for Dutch Users
17.1 Authority
This Privacy Policy complies with the Dutch Implementation Act GDPR (Uitvoeringswet AVG) and the Telecommunications Act (Telecommunicatiewet).
17.2 Your Rights Summary
In summary, under Dutch and EU law you have the right to:
- Know what personal data we process about you
- Access and receive a copy of your data
- Correct inaccurate data
- Request deletion of your data
- Object to certain types of processing
- Transfer your data to another service
- File a complaint with the Autoriteit Persoonsgegevens
Note: This Privacy Policy is provided in English. If you require a Dutch translation, please contact us at [PRIVACY EMAIL].