Summary of Service
1time is a cloud-based software service operated by Time Warden (the company) for our customers who are (in the main) corporate entities of all sizes. Each customer has one or more employees, some of whom have administrative privileges. The primary purpose of the service is to keep track of employees’ time on their client projects.
All of the data that is contained in our databases including personal data is recorded and maintained by our customers, who have the role of (for the purposes of Data Protection legislation) Data Controllers while 1time is a Data Processor. The fact that certain data may be captured does not mean that it is as this is the prerogative of the Data Controller
Time Warden disclaims all ownership and other rights to content including personal data that we store and process on behalf of our customers
What Personal Information may be collected and for what purpose?
Items marked * below are mandatory fields:
For each Employee of Customer:
- Email address*: for communication with employees (reminder and notification emails). For users denoted as administrators, to send reports.
- Name*: for inclusion in communications and reports
- Personalised Working hours (if applicable) – for calculation of expected hours
- History of time spent (by client, project, activity type, task, and description) for inclusion in reports and analyses, and for billing purposes)
- Contact details (phone numbers) for personal contact
For nominated Account-holder user of Customer:
- Email address and Name will be used to send billing information and operational notices
- Our payments processor (Realex – a subsidiary of Global Payments) may request and store securely your credit card details only for the
For each Client of Customer:
- Contact Name* – for inclusion in some reports
- Contact details (phone numbers) for personal contact
For people we communicate with
We retain copies of correspondence (including email) and contact details provided to us directly by the data subjects.
For visitors to our website(s)
We use Google Analytics software to give statistical aggregated information on e.g. the relative popularity of pages, in order to improve our website. No personal information is used in this way.
- A cookie is a small amount of data, which often includes an anonymous unique identifier, that is sent to your browser from a web site’s computers and stored on your computer’s hard drive.
- Cookies are required to use the 1time service.
Managing your data with regard for data privacy
We take steps to ensure your data is highly resilient, is backed-up and recoverable in case of failure, and to uphold privacy, including:
- For each customer we maintain a unique database, so that information cannot “leak” from one customer to another
- The data and software is located in the EU under the operational management of AWS (Amazon Web Services). AWS Privacy Statement.
- We use encryption, replication, firewalls, and other techniques to protect sensitive data and communications through our web-site, and to help ensure persistence of data
Sharing personal data
- We reserve the right to share your data when instructed by authorities with jurisdiction and as required by applicable law.
Facilities enabling Customers to meet Data Privacy legal obligations
Data Privacy legislation varies from country to country and its requirements can vary from case to case. However we provide facilities to allow all personal data to be viewed, to be altered, or to be erased, by users with administrator rights. This will enable our customers to be compliant with such legislation and to deal with situations that arise e.g. under the terms of the EU GDPR (General Data Protection Regulation):
- Data being captured: As indicated above, there are certain pieces of personal information that may be captured for personal contact purposes. The 1time service will continue to function if this data is not recorded or left blank.
- Data subject access requests: Personal data of users and contacts may be viewed (and history may be downloaded) by users with administrative rights
- Right to correction of data: Personal data of users and contacts may be edited by users with administrative rights
- A user may be marked as inactive, which will prevent further use by that user or the recording of further time entries against that user
- Right to erasure: for users who have no time entries on record, there is a Delete function. Otherwise it is necessary firstly to de-activate the user, then anonymise the email address, name and other personal data using the Edit facility. This will destroy all record of the personal data with compromising the project information (of projects that the user has spent time on).
- There is no way back from Deleting or altering users or their personal information.
- Time Warden will not accept or act on any requests to delete or change personal information except as described above.
- the provisos below in relation to backup archives.
Backup Archives – Procedures and Exceptions in relation to Right to Erasure and Correction requests:
Primary instances of personal data in production systems will be erased or corrected without undue delay. However copies of personal data may also reside in backup archives that must be retained for a longer period of time – either because it is impractical to isolate individual personal data within the archive, or because the controller is required to retain data longer for contractual, legal or compliance reasons. Such data will not be restored back to production systems (except in certain rare instances, e.g., the need to recover from a natural disaster or serious security breach). In such cases, the user’s personal data may be restored from backups, but the controller will be informed and should take steps to re-process the original request. Backup archives containing personal data will be protected with strong encryption, so that even if criminals were able to steal the archive, its contents would remain useless to them.
Time Warden may periodically update this policy. We will notify you about significant changes in the way we treat personal information by sending a notice to the email address of the nominated account-holder user or by placing a prominent notice on our site.