Privacy & Cookie Policy
Task Runner B.V.
Version 1.0 — 13.03.2026
1. Who we are
Task Runner B.V. is the controller (verwerkingsverantwoordelijke) for the processing of your personal data within the meaning of the General Data Protection Regulation (Regulation (EU) 2016/679, “GDPR”) and the Dutch GDPR Implementation Act (Uitvoeringswet AVG, “UAVG”). Task Runner is a private limited liability company incorporated under Dutch law, registered with the KVK under number 42002696, with its registered office in Amsterdam, the Netherlands. You can reach us on data protection matters at privacy@taskrunner.nl.
2. Scope
This Privacy & Cookie Policy applies to all personal data processed by Task Runner in connection with the Task Runner website (www.task-runner.nl), the Task Runner mobile application(s), and any affiliated digital channel (collectively, the “Platform”). It does not apply to third-party websites or services linked from the Platform; those parties are responsible for their own privacy practices. This Policy should be read together with our General Terms and Conditions; definitions in the General Terms and Conditions also apply to the Privacy Policy.
3. What personal data we collect
3.1 Data you provide
When you register and use the Platform, we collect the personal data you provide to us. For all Users, this includes your name, email address, phone number, residential address, date of birth, and an optional profile photo. For Taskers specifically, we additionally collect a copy of a valid identity document (passport, ID card, or residence permit), your KVK registration number and VAT number (btw-identificatienummer), bank account details (IBAN), copies of professional licences or certifications where required for the relevant service category, a VOG (Verklaring Omtrent het Gedrag) where mandated, and proof of liability insurance.
In the course of using the Platform, we also collect task descriptions and service locations, photographs or media you upload, messages exchanged through our messaging system, payment and transaction data (processed by our Payment Provider; we do not store full payment card details), reviews and ratings you post, and any correspondence with our customer support.
3.2 Data we collect automatically
When you visit or use the Platform, we automatically collect certain technical and usage data, including your IP address, device type, operating system, browser type and version, language settings, pages viewed, click paths, time spent on pages, and referral URLs. We also collect approximate location data derived from your IP address and, if you enable location services on your device, precise geolocation data to facilitate matching with nearby Taskers or Tasks. Our use of cookies and similar tracking technologies is described in Section 9 below.
3.3 Data from third parties
We may receive personal data from third parties, including transaction confirmations and payment status data from our Payment Provider (Mollie), business registration data from the KVK, identity verification results from our verification provider, and, where you register via a social login, your name, email address, and profile photo as provided by the relevant social platform.
4. Why we process your data and on what legal basis
We process your personal data for the following purposes, each underpinned by a legal basis under Article 6(1) GDPR.
Account creation, Platform access, facilitating Task Contracts, and payment processing are necessary for the performance of our contract with you (Art. 6(1)(b)). This includes sharing your name, contact details, and task location with the matched Customer or Tasker to enable performance of the Services, as well as processing payments through the Payment Provider and managing the escrow (Payment Account).
Tasker verification (ID, KVK registration, insurance) is based on our legitimate interest in maintaining Platform trust and safety (Art. 6(1)(f)). Where the processing of identity document data constitutes processing of a national identification number within the meaning of Article 46 UAVG, we process on the basis of your explicit consent (Art. 6(1)(a)) or, where legally mandated, a legal obligation (Art. 6(1)(c)). VOG processing is consent-based.
Customer support, complaint handling, and dispute mediation are based on the performance of our contract with you and, where the matter extends beyond the contractual relationship, our legitimate interest in resolving disputes fairly (Art. 6(1)(f)).
Platform improvement, analytics, and personalisation are based on our legitimate interest in improving the user experience and developing our services (Art. 6(1)(f)). Data is aggregated or pseudonymised where possible.
Fraud prevention and security are based on our legitimate interest in protecting Users and the integrity of the Platform (Art. 6(1)(f)).
Direct marketing to existing Usersabout similar services is based on our legitimate interest (Art. 6(1)(f)), subject to the soft opt-in rule under Article 11.7(3) of the Telecommunicatiewet (“Tw”). Every communication includes an easy opt-out. Marketing to non-users requires prior consent (Art. 6(1)(a)).
Legal compliance, including Dutch tax law (fiscale bewaarplicht under Art. 52 AWR) and responses to lawful requests from competent authorities, is based on a legal obligation (Art. 6(1)(c)). Retention of data for the establishment, exercise, or defence of legal claims is based on our legitimate interest (Art. 6(1)(f)).
Where we rely on legitimate interest, we have conducted a balancing test (belangenafweging) and determined that our interests are not overridden by your rights and freedoms. You may request a copy of these assessments at privacy@taskrunner.nl.
5. Who we share your data with
5.1 Other Users
When a Task Contract is formed, we share relevant data (name, phone number, task address) between the matched Customer and Tasker to enable performance of the Services. Reviews and ratings are publicly visible on the Platform.
5.2 Service providers (processors)
We engage the following processors under data processing agreements:
| Processor category | Provider | Location | Data processed |
|---|---|---|---|
| Payment processing | Mollie B.V. | Netherlands | Payment data, transaction data, IBAN |
| Cloud hosting | Vercel Inc. | US | All Platform data |
| IBAN name verification | SurePay B.V. | Netherlands | Firstname(s); surname(s); IBAN; Chamber of Commerce number, trade name(s) |
5.3 Other third parties
Competent authorities and professional advisors. We may share data with the Belastingdienst, the Autoriteit Persoonsgegevens, law enforcement, or courts where required by law or necessary for the establishment, exercise, or defence of legal claims. We may also share data with lawyers, accountants, and auditors bound by professional secrecy.
Corporate transactions. In connection with a merger, acquisition, or sale of all or part of our business, personal data may be transferred to the prospective buyer, provided they commit to equivalent data protection standards.
We do not sell your personal data to third parties.
6. International data transfers
Your personal data is primarily stored and processed within the European Economic Area (“EEA”). Where we transfer data outside the EEA (as indicated in the processor table above), we ensure appropriate safeguards are in place: either Standard Contractual Clauses (SCCs) adopted by the European Commission under Article 46(2)(c) GDPR (supplemented by a Transfer Impact Assessment), an adequacy decision under Article 45 GDPR (such as the EU-US Data Privacy Framework for certified entities), or, in exceptional cases, your explicit consent under Article 49(1)(a) GDPR. You may request a copy of the applicable safeguards at privacy@taskrunner.nl.
7. How long we keep your data
We retain your personal data only for as long as necessary for the relevant purpose or as required by law.
- Account data is retained for the duration of your account plus 12 months after account deletion. Inactive accounts are anonymised or deleted 24 months after the last login.
- Transaction and payment records are retained for 7 years after the end of the financial year in which the transaction took place, in compliance with the fiscal retention obligation under Article 52 AWR.
- Copies of identity documents are deleted within 4 weeks of successful verification; only the verification result (verified/not verified) is retained. VOG copies are deleted promptly after review.
- Support and dispute correspondence is retained for 2 years after resolution.
- Reviewsare retained for the duration of the reviewed User's account or 5 years, whichever is shorter.
- Analytics and usage data is retained for a maximum of 26 months in pseudonymised or anonymised form.
- Marketing consent records are retained for the duration of the consent plus 1 year after withdrawal.
- Cookie consent records are retained for the duration of the consent plus 1 year.
Upon expiry of the relevant retention period, data is securely deleted or irreversibly anonymised. Anonymised data may be retained indefinitely for statistical purposes.
8. Your rights
Under the GDPR and UAVG, you have the following rights in relation to your personal data:
- Right of access (Art. 15 GDPR): You may request confirmation of whether we process personal data about you and, if so, a copy of that data and information about how it is processed.
- Right to rectification (Art. 16 GDPR): You may request correction of inaccurate personal data or completion of incomplete personal data.
- Right to erasure (Art. 17 GDPR): You may request deletion of your personal data where it is no longer necessary for the purposes for which it was collected, where you withdraw consent, or where processing is unlawful, subject to retention obligations.
- Right to restriction of processing (Art. 18 GDPR): You may request that we limit processing of your data in certain circumstances, for example while the accuracy of data is contested.
- Right to data portability (Art. 20 GDPR): Where processing is based on consent or contract and carried out by automated means, you may receive your data in a structured, commonly used, machine-readable format and transmit it to another controller.
- Right to object (Art. 21 GDPR): You may object to processing based on legitimate interest (Art. 6(1)(f)), including profiling. We will cease processing unless we demonstrate compelling legitimate grounds. You may always object to direct marketing.
- Rights related to automated decision-making (Art. 22 GDPR): You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal or similarly significant effects, unless the decision is necessary for a contract, authorised by law, or based on your explicit consent.
- Right to withdraw consent (Art. 7(3) GDPR): Where processing is based on consent, you may withdraw that consent at any time without affecting the lawfulness of processing before withdrawal.
To exercise any of these rights, please contact us at privacy@taskrunner.nl. We will respond within one month. We may ask you to verify your identity before processing your request. If you are not satisfied with our response, you have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens, www.autoriteitpersoonsgegevens.nl).
9. Cookies and tracking technologies
We use cookies and similar technologies on the Platform. A cookie is a small text file placed on your device by a website. The categories below explain what cookies we use and why.
9.1 Strictly necessary cookies
These cookies are essential for the Platform to function. They enable core functionality such as authentication and security. They cannot be disabled. No consent is required for strictly necessary cookies.
| Cookie name | Provider | Purpose | Retention |
|---|---|---|---|
| Auth_token | Task Runner | Cross-site request forgery protection | Session |
| locale | Task Runner | Stores language/region preference | 1 year |
9.2 Analytical cookies
We use analytical cookies to understand how visitors interact with the Platform, measure audience size, and identify areas for improvement. The data collected is aggregated or pseudonymised where possible. These cookies require your consent under the Telecommunicatiewet, except where they are strictly necessary for us to provide a service you have requested.
9.3 Marketing and advertising cookies
These cookies are placed by advertising networks with our permission. They may be used to build a profile of your interests and show you relevant advertisements on other sites. These cookies are only activated after you have given your consent via our cookie banner.
| Cookie name | Provider | Purpose | Retention | Consent required? |
|---|---|---|---|---|
| _gcl_au | Google Ads (Google LLC) | Stores conversion data for Google Ads campaigns | 90 days | Yes |
9.4 Social media cookies
Where we embed social media plugins or sharing buttons on the Platform, those social media platforms may place cookies on your device. These cookies are subject to the privacy policies of the respective social media platforms, not this Policy. They are only activated after you give consent via our cookie banner.
9.5 Managing cookie preferences
You can manage your cookie preferences at any time via the cookie settings link in the footer of our website. You can also control cookies through your browser settings. Please note that disabling certain cookies may affect the functionality of the Platform.
For more information about cookies and how to manage them, visit www.allaboutcookies.org.
10. Security
We implement appropriate technical and organisational measures to protect your personal data against unauthorised or unlawful processing and against accidental loss, destruction, or damage. These measures include encryption of data in transit (TLS/HTTPS), access controls and authentication mechanisms, row-level security policies in our database, regular security assessments, and contractual data protection obligations imposed on our processors. However, no transmission over the internet is completely secure. If you believe your data has been compromised, please contact us immediately at privacy@taskrunner.nl. We are required to notify the Autoriteit Persoonsgegevens and affected individuals of certain types of personal data breaches within 72 hours.
11. Children
The Platform is not directed at children under the age of 16. We do not knowingly collect personal data from children under 16. If you are a parent or guardian and believe your child has provided personal data to us, please contact us at privacy@taskrunner.nl and we will delete that data promptly.
12. Changes to this policy
We may update this Privacy & Cookie Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will indicate the effective date of the current version at the top of the Policy. Where changes are material, we will provide you with prominent notice, for example by email or by displaying a notice on the Platform, prior to the change becoming effective. We encourage you to review this Policy periodically. Continued use of the Platform after the effective date of an updated Policy constitutes your acceptance of the changes, to the extent permitted by applicable law.
13. Contact and complaints
If you have any questions or concerns about this Policy or our data processing practices, or if you wish to exercise any of your rights, please contact us:
Task Runner B.V.Amsterdam, the Netherlands
KVK: 42002696
Email: privacy@taskrunner.nl
If you are not satisfied with our response, you have the right to lodge a complaint with the Autoriteit Persoonsgegevens (Dutch Data Protection Authority) at www.autoriteitpersoonsgegevens.nl, or with the supervisory authority of your EU member state of habitual residence or place of work.
Last modified: 13.03.2026
© 2026 Task Runner B.V. All rights reserved.