We are committed to GDPR compliance, data security, and client protection. The GDPR or General Data Protection Regulation is a regulation within the European Union which protects the personal information of those living within the EU with regards to how their information is stored, accessed, processed and moved online. It lays out a set of mandatory guidelines that we have to follow to maintain the privacy of your data. This policy sets out how we handle your personal information if you’re a visitor, user or customer to our websites, mobile applications and our services. When we say ‘we’, ‘us’, ’our’, or ‘timesheet.io’ we mean Timesheet - Mobile Time Tracking OG, the registered company behind all Services offered by us.
By using our site, mobile applications, in subscribing to our service, or filling in a contact form on our website or other sites owned by us, you agree and accept that we process, store and use the personal data submitted in accordance with the rules set forth below. In case you want your personal data removed permanently, please contact us: firstname.lastname@example.org.
What information we store about you
We collect information about you when you provide it to us, when you use our Services, and when other sources provide it to us, as further described below.
Information you provide to us
We collect information about you when you input it into the Services or otherwise provide it directly to us.
- Account and Profile Information: We collect information about you when you register for an account, create or modify your profile, set preferences, sign-up for or make purchases through the Services. We use an Identity Management Service so we do not have to store your credentials on our servers. When you subscribe to our Services we store your email, firstname, surname, profile image, language, address and IP-address of your device and your VAT-ID if you provide one. We keep track of your preferences when you select settings within the Services.
- Content you provide through our products: The Services include the timesheet.io web, desktop and mobile products you use, where we collect and store content that you post, send, receive and share. This content includes any information about you that you may choose to include. Content also includes the files and links you upload to the Services. You can provide Content such as Teams, Projects, Tasks, Breaks, Expenses, Notes, Tags, Rates, Locations, Automations, Geofences, WLAN-Access Points, Invoices, Attachments, Images and other uploads.
- Content you provide through our websites: The Services also include our websites owned or operated by us. We collect other content that you submit to these websites, which include social media or social networking websites operated by us. For example, you provide content to us when you provide feedback or when you participate in any interactive features, surveys, contests, promotions, activities or events.
- Information you provide through our support channels: The Services also include customer support, where you may choose to submit information regarding a problem you are experiencing with a Service. Whether you designate yourself as a technical contact, open a support ticket, speak to one of our representatives directly or otherwise engage with our support team, you will be asked to provide contact information, a summary of the problem you are experiencing, and any other documentation, screenshots or information that would be helpful in resolving the issue.
- Payment Information: We do not collect any payment data. We use Payment Providers which are processing your payment data. We do collect certain billing information when you subscribe for certain paid Services such as Invoicing numbers, subscription dates, billing cycle dates, which payment provider you used and your billing address.
Information we collect automatically when you use the Services
We collect information about you when you use our Services, including browsing our websites and taking certain actions within the Services.
- Your use of the Services: We keep track of certain information about you when you visit and interact with any of our Services. This information includes the features you use and which features you use most frequently. We use this information to evaluate and improve our features.
- Device and Connection Information: We collect information about your computer, phone, tablet, or other devices you use to access the Services. This device information includes your connection type and settings when you install, access, update, or use our Services. We also collect information through your device about your operating system, browser type, IP address, URLs of referring/exit pages, device identifiers, and crash data. We use your IP address and/or country preference in order to approximate your location to provide you with a better Service experience. How much of this information we collect depends on the type and settings of the device you use to access the Services.
Information we receive from other sources
We receive information about you from other Service Users or from third party services.
- Other users of the Services: Other users of our Services may provide information about you when they submit content through the Services. For example, you may be mentioned by someone else in a Project, or a Team Member may upload content about you to a Task. We also receive your email address from other Service users when they provide it in order to invite you to the Services.
- Other services you link to your account: We receive information about you when you enable third-party apps, integrate or link a third-party service with our Services. For example, if you create an account or log into the Services using your Google, Facebook or Twitter credentials, we receive your name and email address as permitted by your Google profile settings in order to authenticate you. You should always check the privacy settings and notices in these third-party services to understand what data may be disclosed to us or shared with our Services.
How we use your data
Any of the information we collect from you (either personally-identifying or non-personally-identifying) may be used in one of the following ways:
- Personalize your experience: Your information helps us to better understand and respond to your individual needs.
- Improve our Services: We continually strive to improve our Services based on the information and feedback we receive from you.
- Process transactions: Your information, whether public or private, will not be sold, exchanged, transferred, or given to any other company for any reason whatsoever, without your consent, other than for the express purpose of delivering the purchased product or service requested.
- Periodic emails: The email addresses you provide, will only be used to send you information and updates pertaining to your order. If at any time you would like to unsubscribe from receiving future emails, we include an unsubscribe link at the bottom of each email. Please note, that using certain Timesheet services necessarily requires you to receive emails.
Who we share your data with
Your data may be transferred to, stored at, or accessed from a destination outside the European Economic Area (‘EEA‘) for the purposes of us providing the Services. It may also be processed by staff operating outside the EEA who work for us, another corporate entity within our group, or any of our suppliers. By submitting your data, you explicitly consent to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Policy.
A list of Sub-Processors used by us is maintained at https://timesheet.io/en/sub-processors.
How we protect your information
We use Service Providers and Data Processors which are highly trusted. We do not store any credentials or payment information on our servers. Your data is pseudonymized on our database. We use the Secure Sockets Layer (SSL) protocol, which encrypts any information sent between you and our Services. Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure, please contact us immediately at email@example.com. If we detect a data breach, we will contact you as soon as possible.
Your rights as a data subject
As a data subject whose personal information we hold, you have certain rights. If you wish to exercise any of these rights, please email firstname.lastname@example.org or use the information supplied in the Contact us section below. Your rights are as follows:
The right to be informed
The right of access
You may request a copy of the personal data we hold about you free of charge. Once we have verified your identity and, if relevant, the authority of any third-party requestor, we will provide access to the personal data we hold about you as well as the following information:
- The purposes of the processing
- The categories of personal data concerned
- The recipients to whom the personal data has been disclosed
- The retention period or envisioned retention period for that personal data
- When personal data has been collected from a third party, the source of the personal data
If there are exceptional circumstances that mean we can refuse to provide the information, we will explain them. If requests are frivolous or vexatious, we reserve the right to refuse them. If answering requests is likely to require additional time or occasions unreasonable expense (which you may have to meet), we will inform you.
The right to rectification
When you believe we hold inaccurate or incomplete personal information about you, you may exercise your right to correct or complete this data. This may be used with the right to restrict processing to make sure that incorrect/incomplete information is not processed until it is corrected.
The right to erasure
Where no overriding legal basis or legitimate reason continues to exist for processing personal data, you may request that we delete the personal data. This includes personal data that may have been unlawfully processed. We will take all reasonable steps to ensure erasure.
The right to restrict processing
You may ask us to stop processing your personal data. We will still hold the data, but will not process it any further. This right is an alternative to the right to erasure. If one of the following conditions applies you may exercise the right to restrict processing:
- The accuracy of the personal data is contested
- Processing of the personal data is unlawful
- We no longer need the personal data for processing but the personal data is required for part of a legal process
- The right to object has been exercised and processing is restricted pending a decision on the status of the processing
The right to data portability
You may request your set of personal data be transferred to another controller or processor, provided in a commonly used and machine-readable format. This right is only available if the original processing was on the basis of consent, the processing is by automated means and if the processing is based on the fulfilment of a contractual obligation.
The right to object
You have the right to object to our processing of your data where
- Processing is based on legitimate interest;
- Processing is for the purpose of direct marketing;
- Processing is for the purposes of scientific or historic research;
- Processing involves automated decision-making and profiling.
If we, or substantially all of our assets were acquired, or in the unlikely event that we go out of business or enters bankruptcy, user information would be one of the assets that is transferred or acquired by a third party. You acknowledge that such transfers may occur, and that any acquirer of us may continue to use your personal information as set forth in this policy.
Should you wish to discuss a complaint, please feel free to contact us using the details provided above. All complaints will be treated in a confidential manner.