Industries

  • Information and Communications Technology
  • Software

Participation

Swiss-U.S. Privacy Shield Framework: Active

Original Certification Date: 4/18/2017
Next Certification Due Date: 10/27/2023
Data Collected: HR, NON-HR

EU-U.S. Privacy Shield Framework: Active

Original Certification Date: 10/13/2016
Next Certification Due Date: 10/27/2023
Data Collected: HR, NON-HR

Purpose of Data Collection

User Data. We collect data, such as a user's name and email address, when the user registers for an account on the Asana service (the "Services"). The user may also provide us with optional profile information, such as a photograph or description. We process such data in connection with our provision of the Services. Our servers automatically record certain information in server logs (such as a user's web request, IP address, browser type and settings, referring/exit pages and URLs, number of clicks and how the user interacts with the Services, domain names, landing pages, pages viewed, mobile carrier, date and time stamp information. These log files help us to monitor, analyze, improve and maintain the Services and to diagnose and fix any Services-related issues. When a user accesses the Services using a mobile device, we collect specific device information, including the type of device, its operating system, and mobile network information, unique device identifiers, and sometimes a mobile phone number. We may associate this mobile device information with the user's Services account and will use data associated with the user's device to customize the Services to the user's device and to analyze any device-related issues. We may collect and process information about the location of the device from which a user is accessing the Services. Location data may convey information about how the user browses the Services and may be used in conjunction with other collected information. The user can disable location services in the settings associated with the Services. We utilize technologies like cookies, pixel tags and web beacons to provide, monitor, analyze, promote and improve the Service. For example, a cookie is used to remember a user's name when they return to the Services and to improve our understanding of how a user interacts with the Services. The user can block cookies on their web browser. We share collected information with third party service providers who assist us in delivering, improving, protecting and promoting the Services on our behalf. We may disclose a user's data in response to a lawful request by public authorities, including to meet national security or law enforcement requirements. We may also disclose a user's data to our legal counsel, governmental authorities or law enforcement if we believe that it is reasonably necessary to do so in order to comply with a law or regulation; to protect the safety of any person; to address fraud, security or technical issues; or to protect our rights or property. If the ownership of all or substantially all of our business changes, we may transfer users' data to the new owner so that the Services can continue to operate. Human Resources. Asana uses the human resources data we collect for management and related administrative and legal compliance purposes, including in support of the EU-based affiliate with whom an individual has or had the employment relationship. For example, Asana may use the information in connection with the performance and enforcement of your employment agreement with the EU affiliate, as well as for the human resources and related administrative and legal activities of the Asana family of companies, as legally permitted. Where consistent with the EU-U.S. Privacy Shield and other applicable law, Asana may share human resources data: within the Asana family of companies; with other third parties in connection with the uses described above (such as benefits providers or data storage providers); to comply with valid legal process such as search warrants, subpoenas or court orders, and in response to lawful requests by public authorities, including to meet national security or law enforcement requirements; to enforce and protect the rights of Asana or third parties; during emergency situations or where necessary to protect safety or property; with your consent where such consent is legally required; and as otherwise legally permissible.

Privacy Policy

HR Data

Asana, Inc. HR Privacy Shield Notice
Description:

Asana, Inc. - Human Resources EU-U.S. and Swiss-US Privacy Shield Notice

Effective Date: 12/9/2019

Non-HR Data

Description:

The policy describes the Company's practices regarding the collection, use and disclosure of information collected from and about customers when they use the Company's web-based and mobile applications and visit the Company's websites.

Effective Date: 1/1/2020
Description:

New privacy statement, effective December 15, 2021.

Effective Date: 12/15/2021

Verification Method

Self-Assessment

Dispute Resolution

Questions or Complaints?

If you have a question or complaint regarding the covered data, please contact Asana, Inc. at:

Whitney Merrill
DPO
Asana, Inc.
633 Folsom St
San Francisco, California 94107

Privacy Shield organizations must respond within 45 days of receiving a complaint.

If you have not received a timely or satisfactory response from Asana, Inc. to your question or complaint, please contact the independent recourse mechanism listed below


NON-HR RECOURSE MECHANISM



Appropriate statutory body with jurisdiction to investigate any claims against Asana, Inc. regarding possible unfair or deceptive practices and violations of laws or regulations covering privacy Federal Trade Commission