Privacy Policy
This Privacy Policy reflects the requirements of the GDPR (General Data Protection Regulation) which took effect on May 25th 2018. This policy was last updated on 14th August 2018.
Summary of Service
1time is a cloud-based software service operated by Time Warden (the company) for our customers who are (in the main) corporate entities of all sizes. Each customer has one or more employees, some of whom have administrative privileges. The primary purpose of the service is to keep track of employees’ time on their client projects.
All of the data that is contained in our databases including personal data is recorded and maintained by our customers, who have the role of (for Data Protection legislation) Data Controllers while 1time is a Data Processor. The fact that certain data may be captured does not mean that it is as this is the prerogative of the Data Controller
Time Warden disclaims all ownership and other rights to content including personal data that we store and process on behalf of our customers
What Personal Information may be collected and for what purpose?
Items marked * below are mandatory fields:
For each Employee of Customer:
- Email address*: for communication with employees (reminder and notification emails). For users denoted as administrators, to send reports.
- Name*: for inclusion in communications and reports
- Personalised Working hours (if applicable) – for calculation of expected hours
- History of time spent (by client, project, activity type, task, and description) for inclusion in reports and analyses, and for billing purposes)
- Contact details (phone numbers) for personal contact
For nominated Account-holder user of Customer:
- Email address and Name will be used to send billing information and operational notices
- Our payments processor (Realex – a subsidiary of Global Payments) may request and store securely your credit card details only for the
purpose of facilitating payments authorised by you. Global Payments Privacy Policy
For each Client of Customer:
- Contact Name* – for inclusion in some reports
- Contact details (phone numbers) for personal contact
For people, we communicate with
We retain copies of correspondence (including email) and contact details provided to us directly by the data subjects.
For visitors to our website(s)
We use Google Analytics software to give statistical aggregated information on e.g. the relative popularity of pages, to improve our website. No personal information is used in this way.
Cookies
- A cookie is a small amount of data, which often includes an anonymous unique identifier, that is sent to your browser from a website’s computers and stored on your computer’s hard drive.
- Cookies are required to use the 1time service.
- We use cookies to record current session information, but do not use permanent cookies. You are required to log in to your 1time Project Site after a certain period has elapsed to protect you against others accidentally accessing your account contents.
- You will be asked to give your agreement to the use of cookies for the above reasons unless you have previously given your permission. At any time you may revoke this permission simply by deleting or blocking cookies for this website in your browser.
Managing your data concerning data privacy
We take steps to ensure your data is highly resilient, is backed up and recoverable in case of failure, and uphold the privacy, including:
- For each customer, we maintain a unique database, so that information cannot “leak” from one customer to another
- The data and software are located in the EU under the operational management of AWS (Amazon Web Services). AWS Privacy Statement.
- We use encryption, replication, firewalls, and other techniques to protect sensitive data and communications through our website, and to help ensure persistence of data
Sharing personal data
Other than is explicitly stated in this privacy policy, we do not share personal data with third parties.
- We use the services of Intercom to enable our customers and users to communicate with us via online chat and messaging for support purposes. We share the email and name of our users with Intercom to associate messages with users. Intercom Privacy Policy
- We use the services of MavenTM to help us in communicating with registered account-holder users and others who have opted-in to receiving communications with news and offers in relation to 1time. Maven TM Privacy Policy
- We use the services of AdRoll to advertise our services. Cookies are used in this regard to deliver advertisements that are more likely to be of interest to users. AdRoll GDPR Compliance statement
- We reserve the right to outsource elements of our operations, and in this regard, we select only partners whose privacy policy in our opinion is compatible with ours.
- We reserve the right to share your data when instructed by authorities with jurisdiction and as required by applicable law.
- In the event that 1time is acquired by or merged with another company, 1time will notify you before information about you is transferred and becomes subject to a different privacy policy.
Facilities enabling Customers to meet Data Privacy legal obligations
Data Privacy legislation varies from country to country and its requirements can vary from case to case. However we provide facilities to allow all personal data to be viewed, to be altered, or to be erased, by users with administrator rights. This will enable our customers to be compliant with such legislation and to deal with situations that arise e.g. under the terms of the EU GDPR (General Data Protection Regulation):
- Data being captured: As indicated above, there are certain pieces of personal information that may be captured for personal contact purposes. The 1time service will continue to function if this data is not recorded or left blank.
- Data subject access requests: Personal data of users and contacts may be viewed (and history may be downloaded) by users with administrative rights
- Right to correction of data: Personal data of users and contacts may be edited by users with administrative rights
- A user may be marked as inactive, which will prevent further use by that user or the recording of further time entries against that user
- Right to erasure: for users who have no time entries on record, there is a Delete function. Otherwise it is necessary firstly to de-activate the user, then anonymise the email address, name and other personal data using the Edit facility. This will destroy all record of the personal data with compromising the project information (of projects that the user has spent time on).
PLEASE NOTE:
- There is no way back from Deleting or altering users or their personal information.
- Time Warden will not accept or act on any requests to delete or change personal information except as described above.
- the provisos below in relation to backup archives.
Backup Archives – Procedures and Exceptions in relation to Right to Erasure and Correction requests:
Primary instances of personal data in production systems will be erased or corrected without undue delay. However copies of personal data may also reside in backup archives that must be retained for a longer period of time – either because it is impractical to isolate individual personal data within the archive, or because the controller is required to retain data longer for contractual, legal or compliance reasons. Such data will not be restored back to production systems (except in certain rare instances, e.g., the need to recover from a natural disaster or serious security breach). In such cases, the user’s personal data may be restored from backups, but the controller will be informed and should take steps to re-process the original request. Backup archives containing personal data will be protected with strong encryption, so that even if criminals were able to steal the archive, its contents would remain useless to them.
CHANGES
Time Warden may periodically update this policy. We will notify you about significant changes in the way we treat personal information by sending a notice to the email address of the nominated account-holder user or by placing a prominent notice on our site.
QUESTIONS
Any questions about this Privacy Policy should be addressed to support@1timetracking.com