Privacy Notice

Last updated: 18 June, 2025

This document, herein referred to as the "Privacy Notice" or “Notice”, is issued by TASKELIUM LTD, a company duly organized and validly existing under the Laws of the England and Wales and duly registered under Registration No. 16472172, having its Registered Office at: Brosnan House, Suite 2b, 175 Darkes Lane, Potters Bar, United Kingdom, EN6 1BW ("Company," "we," "us," or "our"), with its website https://taskelium.com/ (“Website”).

This Privacy Notice outlines our commitment to protecting your privacy and managing your personal data in accordance the UK General Data Protection Regulation and Data Protection Act 2018 (commonly – “GDPR”). We take the responsibility of handling your personal information seriously and aim to be transparent about our data practices. This document will guide you through the ways in which we collect, use, store, and protect your personal data.

Please review this Notice carefully to understand our practices regarding your personal data and how we will treat it. Continued usage of the Website or our services constitutes your consent to our practices as described. Should you have any inquiries regarding this Notice, please contact us as described in this document.

DATA CONTROLLER

The Company is the entity responsible for the collection, use, and protection of your personal data under this Privacy Notice.

As the data controller, the Company holds the primary responsibility for ensuring that your personal data is collected, stored, and processed in compliance with the GDPR and other applicable data protection laws. Our duties as the data controller include overseeing the lawful handling of your data, implementing appropriate data protection measures, responding to data subject requests, and ensuring the security and confidentiality of the personal data we manage.

PERSONAL DATA COLLECTION AND USAGE

The Company processes several distinct categories of personal data. Here are the main types of such data:

• Contact Information: Such as email addresses, phone numbers, and mailing addresses.
• Compliance-Related Data: This includes information for conducting anti-money laundering (AML) screenings, checking against politically exposed persons (PEP) lists, and other information that helps ensuring adherence to international sanctions and regulatory frameworks.
• Identity Data: This encompasses full names, identification numbers, other similar details typically found on government-issued documents, as well as other data which help us verify user identities.
• Technical Information: Data gathered from the devices and technology you use when accessing our services, including IP addresses, browser specifications, and operating system details.
• Professional Details: Job-related information like your current position, employer details, and professional achievements.
• Risk Assessment Data: Information concerning your business relationships and affiliations that might affect risk evaluations, plus data utilized in our fraud prevention efforts.
• Employment and Referral Information: Data from job applicants and referrals, including CVs, work history, educational background, and professional references, as well as other data which supports our recruitment and staffing strategies.

PURPOSES OF DATA PROCESSING

Our processing of personal data serves various specific purposes, each guided by legal bases detailed in the subsequent section of this Notice. Here are the primary purposes for which we process personal data:

• Service Provision: We process data to enter into agreements, fulfil contractual obligations, and deliver requested services to our clients.
• Recruitment and Employment: Personal data, such as information from job applicants and referrals, is processed for employment decision-making and contract management.
• Legal Compliance: Personal data is utilized to ensure compliance with applicable legal and regulatory requirements, encompassing anti-money laundering (AML) regulations, sanctions checks, risk management, and tax or financial compliance.
• Contractual Compliance: Data processing is carried out to meet contractual obligations, execute agreed-upon actions, and prevent breaches of contract terms.
• Communication and User Support: Personal data is used to engage with users, address inquiries, and provide service updates.
• Marketing: Data processing is employed to create and distribute marketing materials and service updates to existing and potential clients.
• Service Improvement and Development: Data processing aims to enhance service quality and operational efficiencies, improving the overall user experience.
• Dispute Resolution: Personal data may be processed to establish, manage, or defend against legal claims involving data subjects. Each purpose aligns with one or more legal bases, ensuring compliance with legal standards. For details on the specific legal grounds supporting these processing activities, please refer to the subsequent section of this Privacy Notice.

LEGAL BASES FOR DATA PROCESSING

The Company processes personal data based on several legal grounds, ensuring compliance with the GDPR. The choice of legal basis depends on the specific purposes for which we use your data. Below are the legal bases we rely on for processing personal data:

• Performance of a Contract: We process personal data necessary to enter into or perform a contract with you. This includes taking steps at your request before entering into a contract, such as providing quotes or service details.
• Legal Obligation: We process personal data to comply with our legal responsibilities. This includes maintaining records for tax purposes, providing information to a public body or law enforcement agency, or ensuring we meet other regulatory and statutory requirements.
• Legitimate Interests: We process personal data on the basis of legitimate interests, except where such interests are overridden by your rights and interests. This basis is used for activities like marketing, business development, and internal administration to improve service quality and business processes.
• Consent: In some instances, we rely on your explicit consent to process personal data. This includes certain types of marketing and promotional activities. You have the right to withdraw your consent at any time.

Depending on the specific interaction and the nature of the services provided, personal data may be processed based on one or more of these legal bases. Each basis is carefully determined according to the specific circumstances surrounding the processing activity to ensure that your data is handled lawfully and fairly.

DATA SHARING AND DISCLOSURE

We are committed to not selling, leasing, or exchanging your personal data with third parties for their marketing purposes. However, your personal data may be shared under the following circumstances:

• Service Providers: Companies that perform services on our behalf, including without limitations hosting, data analysis, IT services, customer service, email delivery, and auditing services.
• Legal and Regulatory Authorities: We may disclose your personal data when required by law or as necessary to protect our rights, comply with judicial proceedings or court orders.

METHODS OF DATA COLLECTION

We gather personal data through the following methods:

• Direct Collection: Data is collected directly from you when you use our services, contact support, apply for jobs, or participate in our activities.
• Indirect Collection:
  • Digital Tools: We use cookies and similar technologies to track your activity on our Website to improve user experience.
  • External Sources: We also receive data from partners, public records, and occasionally government authorities.

DATA RETENTION

Your personal data is retained only as long as necessary to fulfil the specific purposes for which it was collected, or to comply with our legal obligations, resolve disputes, and enforce our agreements. The criteria used to determine our retention periods include the duration of our ongoing relationship with you, statutory obligations, and whether retention is advisable in light of our legal position (such as in regard to applicable statutes of limitations, litigation, or regulatory investigations).

Once the retention period expires and there is no longer a legal or business need to retain the data, your personal data will be securely deleted or destroyed. Alternatively, where feasible and appropriate, we will anonymize the data so that it can no longer be associated with you or any individual, thereby preventing its further use. This process is performed in accordance with best practices for data deletion and is designed to protect your privacy and security.

YOUR RIGHTS

Under the GDPR, data subjects are afforded the following rights concerning their personal data:

• Right of Access: You have the right to request access to your personal data and obtain a copy of the information we hold about you.
• Right to Rectification: You are entitled to request the correction of any inaccurate or incomplete personal data we hold about you.
• Right to Erasure ("Right to Be Forgotten"): You may request the deletion of your personal data, subject to certain legal obligations and limitations.
• Right to Restrict Processing: Under specific circumstances, you may request that we restrict the processing of your personal data.
• Right to Object: You have the right to object to the processing of your personal data where it is based on our legitimate interests or is used for direct marketing purposes.
• Right to Data Portability: You may request to receive your personal data in a structured, commonly used, and machine-readable format, and you may also request that we transfer this data to another data controller where technically feasible.
• Right to Withdraw Consent: Where the processing of your personal data is based on your consent, you have the right to withdraw that consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

To exercise any of these rights, please contact us at info@taskelium.com. We may ask you to provide sufficient information to verify your identity before processing your request. Once your request is validated, we will inform you of any applicable limitations and the outcome of your request in accordance with legal requirements.

AUTOMATED DECISION-MAKING

Company do not engage in automated decision-making, including profiling, that produces legal or similarly significant effects on you.

DATA PROVISION REQUIREMENTS

For effective delivery of our services and to handle inquiries or applications, the provision of certain personal data is mandatory. This essential data, clearly marked as such, is required to fulfil contractual obligations and respond to inquiries. Failure to provide this data may restrict your ability to fully utilize our services or receive comprehensive responses. Optional data, while beneficial for enhancing our services, is not critical and can be provided at your discretion. Not providing optional data will not affect your access to the primary functionalities of our services.

CHILDREN'S DATA AND AGE RESTRICTIONS

The Company recognizes the importance of protecting the privacy of children. Our services are not directed towards children under the age of 18, and we do not knowingly collect or solicit personal data from individuals in this age group.

DISPUTE RESOLUTION AND RIGHTS TO LODGE A COMPLAINT

We aim to promptly and fairly address any issues or concerns regarding your personal data. If you have a complaint about how we handle your personal data, we encourage you to first contact us using the provided contact information so that we can address your concerns directly. If you find it impractical to resolve the issue by contacting us directly, you have the right to lodge a complaint with the relevant data protection authority In England and Wales the relevant authority is the Information Commissioner's Office (ICO).

ICO contact details:

• Website: https://ico.org.uk/global/contact-us/
• Data protection Complaint Mechanism: https://ico.org.uk/make-a-complaint/data-protection-complaints/?answers=g
• Phone: +0303 123 1113

INTERNATIONAL TRANSFERS OF PERSONAL DATA

Your data may be transferred to countries outside the European Economic Area (EEA). Where such transfers occur, we implement safeguards such as: (i) European Commission’s Standard Contractual Clauses; (ii) Binding corporate rules; or (iii) Transfers based on adequacy decisions. These mechanisms ensure your personal data remains protected at a level consistent with EU standards.

INFORMATION SECURITY

We prioritize the security of your personal data and implement comprehensive measures to protect it from unauthorized access, alteration, or destruction. Our security framework includes advanced encryption technologies, stringent access controls, and secure data storage solutions. These practices are designed to ensure the confidentiality, integrity, and availability of your personal data across all our operations.

In addition to our internal security measures, we advocate for responsible data management by our users. We encourage you to enhance your personal data security by adopting strong, unique passwords, keeping software up to date, and being vigilant about the confidentiality of your credentials and personal information.

UPDATES TO THIS NOTICE

The Company reserves the right to amend this Privacy Notice at its discretion and in response to evolving regulatory requirements or business practices. Any such amendments will be promptly reflected on the Website. We recommend regular review of this Notice to remain informed of any changes. Should significant modifications occur, the Company may also contact you directly using the information you have provided.

CONTACT US

If you have any questions or concerns about this Privacy Notice or our data processing practices, please contact us at info@taskelium.com.