T
TaskBloomBack
Legal

GDPR Compliance

Last updated: 7 May 2026

TaskBloom is committed to protecting the privacy and data rights of all users, particularly those within the United Kingdom and European Economic Area. This page outlines your rights under the UK GDPR and EU General Data Protection Regulation and explains how we uphold them.

1. Data Controller

TaskBloom is the data controller for the personal information collected through the platform. As a UK-based platform, we comply with the UK GDPR and the Data Protection Act 2018.

If you have any questions about how we handle your data, please contact our Data Protection team at dpo@taskbloom.co.uk.

2. Legal Basis for Processing

We process your personal data under the following legal bases as defined by GDPR:

Contractual Necessity

We process your data as necessary to perform our contract with you — to provide the TaskBloom platform, process campaigns, handle payments, and facilitate task completion.

Legitimate Interests

We process certain data for our legitimate business interests, including:

  • Fraud detection and prevention
  • Platform security and integrity
  • Service improvement and analytics
  • Direct communications about your account

Consent

Where required, we will seek your consent for specific processing activities, such as marketing communications and certain non-essential cookies. You may withdraw consent at any time.

3. Your Rights Under GDPR

As a data subject, you have the following rights under UK GDPR and EU GDPR:

Right to Access

You have the right to request a copy of the personal data we hold about you. We will provide this information within one month of your verified request, free of charge.

Right to Rectification

If any personal data we hold about you is inaccurate or incomplete, you have the right to request correction. We will update your information promptly.

Right to Erasure (Right to be Forgotten)

You have the right to request deletion of your personal data where:

  • The data is no longer necessary for the purpose it was collected
  • You withdraw consent and there is no other legal basis for processing
  • You object to processing and there are no overriding legitimate grounds
  • The data has been unlawfully processed
  • Deletion is required to comply with a legal obligation

Note that we may retain certain data as required by law or for the establishment, exercise, or defence of legal claims.

Right to Restrict Processing

You have the right to request restriction of processing in certain circumstances, including when you contest the accuracy of your data or object to processing.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format. You may also request that we transfer your data directly to another controller where technically feasible.

Right to Object

You have the right to object to processing based on legitimate interests, including profiling. We will cease processing unless we demonstrate compelling legitimate grounds that override your interests.

Rights Related to Automated Decision-Making

TaskBloom uses automated systems for fraud detection and campaign quality assurance. These systems do not make solely automated decisions that produce legal effects concerning you without human oversight. You may request human review of automated decisions by contacting our support team.

4. How to Exercise Your Rights

To exercise any of your GDPR rights, please contact us:

  • Email: dpo@taskbloom.co.uk
  • Subject line: “GDPR Request — [Your Name]”

We will respond to your request within 30 days. We may need to verify your identity before processing your request. There is no charge for exercising your rights unless your request is manifestly unfounded or excessive.

5. Consent Management

Where we rely on consent as a legal basis, we obtain your consent through clear, affirmative action. You have the right to withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

You can manage your consent preferences for cookies through your browser settings. Marketing preferences can be updated in your account settings or by contacting us directly.

6. International Data Transfers

TaskBloom operates globally, which may involve transferring your data to countries outside the UK and EEA. When we transfer personal data internationally, we ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • UK International Data Transfer Agreements
  • Transfer risk assessments

You may request a copy of the safeguards in place for international transfers by contacting our Data Protection team.

7. Data Protection Officer

TaskBloom has appointed a Data Protection Officer (DPO) who is responsible for overseeing our data protection practices. You may contact our DPO directly:

  • Email: dpo@taskbloom.co.uk
  • Response time: within 48 hours

8. Complaints

If you believe that we have not handled your personal data in accordance with GDPR, you have the right to lodge a complaint with the relevant supervisory authority.

UK users: Information Commissioner's Office (ICO)
Website: ico.org.uk

EU users: Your local data protection authority

We encourage you to contact us first so that we can address your concern directly.

9. Security Measures

We implement appropriate technical and organisational measures to ensure the security of personal data, including:

  • Encryption of data in transit and at rest
  • Access controls and authentication requirements
  • Regular security assessments and penetration testing
  • Staff training on data protection practices
  • Incident response procedures

10. Data Breach Notification

In the unlikely event of a data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and, where required, inform affected individuals without undue delay.

This GDPR Compliance page was last updated on 7 May 2026. It reflects our commitment to protecting your privacy and data rights.