Privacy Policy
Last Updated: January 15, 2025
1. Introduction and Overview
Welcome to Direct Task (“we,” “our,” or “us”). This Enhanced Privacy Policy outlines how we collect, use, protect, and manage your personal information when you use our platform and services.
Our Commitment: We believe privacy is a fundamental right. This policy is designed to be transparent, comprehensive, and user-friendly, giving you complete control over your data.
Scope: This policy applies to all Direct Task services, including our website (www.directtask.co.uk), mobile applications (iOS & Android), API services, and any related communications.
Your Consent: By using our services, you acknowledge that you’ve read, understood, and agreed to this Privacy Policy and our Terms of Service.
2. Information We Collect
2.1 Information You Provide Directly
Account Registration:
Full name and display name
Email address and phone number
Physical address and postal code
Date of birth and preferred pronouns
Profile photo and verification documents
Professional Information:
Skills, qualifications, and certifications
Work experience and portfolio
Educational background
Availability and rate preferences
Service categories and specializations
Payment Information (processed securely by certified third-party providers):
Payment method details
Billing address
Transaction history
Invoicing preferences
Task and Communication Data:
Task postings and descriptions
Messages and communications
Reviews and ratings
Dispute information
Customer support interactions
2.2 Information We Collect Automatically
Technical Information:
Device type, operating system, and browser information
IP address and general location data
App version and performance metrics
Usage patterns and feature interactions
Error logs and crash reports
Analytics Data:
Page views and navigation patterns
Search queries and filters used
Time spent on different sections
Conversion and engagement metrics
A/B testing participation data
Location Information (with your explicit consent):
Precise GPS coordinates for task matching
Movement patterns for service optimization
Geofenced area preferences
Location-based recommendations
2.3 Information from Third Parties
Social Media Integration:
Profile information from connected accounts (LinkedIn, Facebook)
Professional recommendations and endorsements
Public posts and interactions (with permission)
Background Checks and Verification:
Identity verification results
Professional license confirmations
Criminal background check results (where legally permitted)
References and recommendations
Marketing and Analytics Partners:
Demographic and behavioral insights
Interest-based advertising data
Cross-platform usage patterns
3. How We Use Your Information
3.1 Core Service Delivery
Platform Operations:
User authentication and account management
Task matching and recommendation algorithms
Payment processing and transaction management
Customer support and dispute resolution
Platform security and fraud prevention
Service Optimization:
Personalizing user experience
Improving search and matching algorithms
Developing new features and services
Analyzing usage patterns for optimization
Quality assurance and testing
3.2 Communication and Marketing
Service Communications:
Account notifications and updates
Task-related messages and alerts
Security and safety notifications
Platform announcements and changes
Marketing Communications (with opt-in consent):
Promotional offers and discounts
Feature announcements and tips
Industry insights and resources
Event invitations and webinars
Partner service recommendations
3.3 Legal and Compliance
Regulatory Requirements:
Tax reporting and compliance
Anti-money laundering checks
Data protection compliance
Platform abuse prevention
Legal process responses
Safety and Security:
Identity verification and fraud prevention
Trust and safety monitoring
Risk assessment and management
Incident investigation and response
4. Advanced Data Protection Measures
4.1 Technical Safeguards
Encryption Standards:
AES-256 encryption for data at rest
TLS 1.3 for data in transit
End-to-end encryption for sensitive communications
Encrypted backups and disaster recovery
Access Controls:
Multi-factor authentication (MFA) for all accounts
Role-based access control (RBAC) for internal systems
Regular access reviews and audits
Automated threat detection and response
Infrastructure Security:
SOC 2 Type II certified cloud hosting
Regular penetration testing and vulnerability assessments
24/7 security monitoring and incident response
Compliance with industry security standards
4.2 Data Governance
Data Minimization:
Collect only necessary information
Regular data audits and cleanup
Automated data retention policies
Purpose limitation principles
Quality Assurance:
Data accuracy verification processes
Regular data quality assessments
User-controlled data correction tools
Automated data validation
5. Sharing and Disclosure of Information
5.1 Service-Related Sharing
Between Platform Users:
Public profile information
Task-related communications
Reviews and ratings
Availability and pricing information
Service Providers (under strict data processing agreements):
Payment processors and financial institutions
Identity verification and background check providers
Cloud hosting and infrastructure providers
Analytics and marketing service providers
Customer support and communication tools
5.2 Legal and Safety Disclosures
Legal Requirements:
Court orders and legal proceedings
Law enforcement requests (with valid warrants)
Regulatory compliance requirements
Tax and financial reporting obligations
Safety and Security:
Preventing fraud and abuse
Protecting user safety and security
Enforcing terms of service violations
Emergency situations requiring disclosure
5.3 Business Transfers
In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of the transaction. We will notify you of any such transfer and provide options for your data.
6. International Data Transfers
6.1 Transfer Mechanisms
Adequacy Decisions: We transfer data to countries recognized by regulatory authorities as providing adequate protection.
Standard Contractual Clauses (SCCs): For transfers to countries without adequacy decisions, we use EU-approved SCCs or equivalent mechanisms.
Binding Corporate Rules: Our global data transfer framework ensures consistent protection standards across all jurisdictions.
6.2 Data Localization
Regional Data Centers: We maintain data centers in multiple regions to ensure optimal performance and comply with local data residency requirements.
Cross-Border Processing: Where permitted by law, we may process data across borders for operational efficiency and service delivery.
7. Your Rights and Controls
7.1 Universal Rights
Access and Portability:
Request a copy of your personal data
Export data in machine-readable formats
Receive data transfer assistance
Correction and Updates:
Update your profile information
Correct inaccurate data
Add missing information
Deletion and Erasure:
Delete your account and associated data
Request specific data deletion
Exercise “right to be forgotten” (where applicable)
7.2 Enhanced Control Features
Privacy Dashboard:
Granular privacy controls
Data usage transparency
Permission management
Activity monitoring tools
Communication Preferences:
Customizable notification settings
Marketing opt-in/opt-out controls
Channel preferences (email, SMS, push)
Frequency management
Data Sharing Controls:
Selective profile visibility
Task-specific information sharing
Third-party integration permissions
Location sharing preferences
7.3 Regional-Specific Rights
GDPR (EU/UK):
Right to object to processing
Right to restrict processing
Data portability rights
Automated decision-making opt-out
CCPA (California):
Right to know about data collection
Right to delete personal information
Right to opt out of data sales
Non-discrimination protection
Other Jurisdictions: We comply with applicable privacy laws in all regions where we operate.
8. Data Retention and Deletion
8.1 Retention Periods
Active Account Data: Retained while your account is active and for necessary business purposes.
Transaction Records: Maintained for 7 years for financial and legal compliance.
Support Communications: Kept for 3 years for quality assurance and dispute resolution.
Marketing Data: Retained until you opt out or for a maximum of 5 years.
8.2 Automated Deletion
Inactive Accounts: Data from accounts inactive for 2+ years is automatically reviewed for deletion.
Expired Data: Automated systems regularly purge data that has exceeded retention periods.
User-Requested Deletion: Account deletion requests are processed within 30 days.
8.3 Legal Hold Exceptions
Data may be retained longer when required by:
Ongoing legal proceedings
Regulatory investigations
Contractual obligations
Legitimate security concerns
9. Cookies and Tracking Technologies
9.1 Types of Technologies Used
Essential Cookies: Required for basic platform functionality and security.
Performance Analytics: Google Analytics, Adobe Analytics (anonymized data only).
Functional Enhancements: User preference storage and personalization features.
Marketing and Advertising: Interest-based advertising and conversion tracking (opt-in required).
9.2 Cookie Management
Browser Controls: Instructions for managing cookies in different browsers.
Preference Center: Granular cookie controls in your account settings.
Opt-Out Tools: Links to industry opt-out mechanisms and tools.
Cookie Notice: Clear notification and consent management for new users.
10. Specialized Privacy Protections
10.1 Sensitive Data Categories
Financial Information: Additional encryption and access restrictions for payment data.
Biometric Data: Secure processing of verification photos and identity documents.
Location Data: Opt-in consent required with granular sharing controls.
Health Information: Special protections for health-related service categories.
10.2 Vulnerable Populations
Minors: Enhanced protections for users under 18 (where permitted by law).
Sensitive Categories: Additional safeguards for users in protected categories.
High-Risk Situations: Special protocols for users in vulnerable circumstances.
11. Incident Response and Breach Notification
11.1 Security Incident Management
Detection and Response: 24/7 monitoring with automated threat detection systems.
Investigation Process: Rapid response team with defined escalation procedures.
Containment Measures: Immediate actions to limit potential damage and exposure.
Recovery and Lessons Learned: Post-incident analysis and improvement implementation.
11.2 Breach Notification
User Notification: Prompt communication about breaches affecting your data.
Regulatory Reporting: Compliance with local breach notification requirements.
Transparency Reports: Annual security and privacy reports available publicly.
Support and Assistance: Dedicated support for users affected by security incidents.
12. Children’s Privacy
12.1 Age Verification
Minimum Age: Our platform is intended for users 18 years and older.
Verification Process: Age verification during registration using multiple data points.
Parental Controls: Tools for parents to monitor and control minor access (where applicable).
12.2 Unintended Collection
Detection Systems: Automated systems to identify potential underage users.
Immediate Action: Prompt account suspension and data deletion for confirmed minors.
Family Support: Resources and guidance for families regarding online privacy.
13. Updates and Changes
13.1 Policy Updates
Change Notification: 30-day advance notice for material changes.
Version Control: Clear versioning and change logs for all policy updates.
Consent Management: Re-consent requirements for significant changes.
Grandfathering: Existing user protections during transition periods.
13.2 Continuous Improvement
User Feedback: Regular surveys and feedback collection on privacy practices.
Regulatory Monitoring: Proactive compliance with emerging privacy laws.
Technology Updates: Regular review and enhancement of privacy technologies.
Best Practice Adoption: Implementation of industry-leading privacy standards.
14. Contact Information and Support
14.1 Privacy Team Contacts
Data Protection Officer: privacy@directtask.co.uk
Phone: +44 7424 616053 (UK)
Mail: Direct Task Privacy Team, Tay House, 300 Bath St, Glasgow, UK, G2 4JR
14.2 Support Resources
Privacy Help Center: Comprehensive guides and FAQs about privacy settings and rights.
Live Chat Support: Real-time assistance with privacy-related questions.
Video Tutorials: Step-by-step guides for managing your privacy preferences.
Community Forums: User discussions about privacy best practices and features.
14.3 Regulatory Authorities
UK Users: Information Commissioner’s Office (ICO) – https://ico.org.uk/
EU Users: Your local Data Protection Authority
California Users: California Attorney General’s Office
Other Jurisdictions: Contact information for relevant authorities provided upon request.
15. Appendix: Technical Details
15.1 Data Processing Lawful Bases (GDPR)
Contract Performance: Processing necessary for service delivery
Legitimate Interests: Platform optimization and fraud prevention
Legal Obligation: Compliance with financial and safety regulations
Consent: Marketing communications and optional features
Vital Interests: Emergency situations and safety protections
15.2 Data Categories and Purposes
Data Category | Purpose | Legal Basis | Retention
Account Information | User authentication | Contract | Account lifetime
Payment Data | Transaction processing | Contract | 7 years
Communication | Support and dispute resolution | Legitimate Interest | 3 years
Marketing Preferences | Targeted communications | Consent | Until withdrawn
Location Data | Service matching | Consent | 1 year
15.3 Third-Party Integrations
Payment Processors: Stripe, PayPal (PCI DSS Level 1 certified)
Analytics: Google Analytics 4 (anonymized), Adobe Analytics
Communication: SendGrid (email), Twilio (SMS)
Verification: Jumio (identity), Checkr (background checks)
Infrastructure: Amazon Web Services (AWS), Microsoft Azure
This Privacy Policy represents our commitment to your privacy rights and data protection. We regularly review and update our practices to ensure they meet the highest standards of privacy protection.
Document Version: 2.0
Effective Date: January 15, 2025
Next Review: July 15, 2025