General Data Protection Regulation (GDPR)
General Data Protection Regulation (GDPR)Last update: May 18, 2023
At Out Task, the privacy and security of your Customer Data is our top priority. GDPR applies not only to EU-based businesses, but also to any business that controls or processes data of EU citizens. At Out Task, our entire organization is hard at work ensuring that our own practices are GDPR-compliant. But equally important to us is helping you, our customer and partners, understand what the GDPR means for your businesses and build compliant processes of your own. Individual in charge of GDPR
| SECTION | STATUS | EXPLANATION |
| Individual in charge of GDPR | Currently Available | Matt Hillary, CISO (matthillary@drata.com) |
| Data Protection Officer | Currently Available | Matt Hillary, CISO |
| Purpose of Processing | Currently Available | Continuous monitoring and evidence collection of security controls mapped to various compliance frameworks to streamline audit preparation and to efficiently remediate security and compliance gaps. For more details, see Out Task’s Privacy Notice – How We Process Personal Data (https:// outtask.ai/privacy). |
| Lawful Basis of Processing and Consent | Currently Available | Under Article 6 of GDPR (https://gdpr-info.eu/art-6-gdpr), it falls under: Consent: Via Terms of Service - Subscription Agreement and Opt-in of Terms and Conditions. Removal of consent will be done on request or via the Out Task Web App. Contract: Via Terms of Service - Subscription Agreement with customers which gives Out Task permission to manage their Personal Data for the purpose of helping them achieve privacy and security compliance. Legitimate Interest: It is in the legitimate interest of customers to share Personal Data with Out Task for the purpose of Out Task delivering its Services and helping them achieve privacy and security compliance. For more information, see the Out Task Privacy Notice (https://outtask.ai/privacy) – “Supplemental Information for the EEA, Switzerland, and the U.K.” section |
| Withdrawal of consent (or opt out) | Currently Available | For End Users, withdrawal of consent or opting out after initial consent/opt-in will be able available via the webapp https://www.outtask.ai. For website visitors, opting out can be done by emailing compliance@outtask.ai |
| Cookie Notice | Currently Available | Cookie Notice |
| Deletion Policy | Currently Available | Deletion of Customer Data upon termination, cancelation or expiration of the agreement. Data Deletion on the website (https://www.outtask.ai) for visitors can be done by contacting compliance@outtask.ai |
| Data Access / Modification / Portability | Currently Available | End Users can Access, Modify and Download their data directly from the Web App. Visitors can request a copy or update of their data by emailing compliance@outtask.ai. |
| Data Protection Info | Currently Available | Out Task deploys and maintains a single tenant database architecture, alongside best industry practices in security attested to in a SOC 2 Type 2 report covering security, confidentiality, availability, and processing integrity. Further information contained in Out Task's Terms of Service - Subscription Agreement and Data Processing Addendum, and made available upon request. |
| Notification of Breach | Currently Available | Out Task’s breach notification process is outlined within its Terms of Service - Subscription Agreement, Data Processing Addendum and Incident Response Policy, and made available upon request. |