Storage and processing of personal data - TimeDock
TimeDock Logo

Personal Data

How we store and process personal data

Processing and storing personal data

Personal Data Overview

Customer personal data we store, such as names, resides in Microsoft’s Azure Cloud. No personal data is stored locally by employees outside of this scope.

* Some data points we share with third party software platforms, such as names and company names to our help and support systems to enhance our service offering, are outlined underneath each data section further down within this document.

Categorization

We do not make a conscious effort to collect personal data of specific groups of people, such as information about persons under 18 years of age.

Data retention

We store the information listed on the following pages indefinitely, for a minimum of 7 years, or until the data owner requests that we permanently erase it from our database. Unless otherwise specified, the data listed is stored within private organisational databases hosted in Microsoft-managed high-security data centres.

Backup retention

We do not erase data from our backups as they are archived and compressed in geographically diversified ‘vaults’ within Microsoft data centres, making real-time on-demand access unrealistic. Backups are stored for up to one year before being permanently erased.

Right to forget

TimeDock customers have the ‘right to forget’ personal data stored and processed by TimeDock. Data can be permanently erased by emailing a request to erase data from an authorised account administrator email address. At that time we will erase the data as soon as possible from primary database/s, unless we require the data to fulfil an obligation to the data owner or qualified authority (i.e. a court of law). Data stored in backup databases and archives are subject to our backup retention policy.

Rectify inaccurate or incomplete personal data

The tenant (customer) is responsible for maintaining their personal data via their TimeDock web dashboard. In such instances where data is not able to be maintained directly, an email can be sent to support@timedock.com outlining the changes required to rectify the issue. We will respect the request, however we reserve the right to refuse data changes whereby we provide the capability for customer self-service, and where not practicably reasonable to do so.

Provide data subject with their personal data in a common, structured format

TimeDock data can be downloaded as common CSV file formats, viewable with any standard spreadsheet application (i.e. Microsoft Excel) and all other data is accessible within the TimeDock web dashboard. Furthermore, we will respect applications to provide a complete dataset of personal data in a common, structured format (i.e. CSV or XML file) within a timely manner. Such requests can be made to support@timedock.com, from an authorised account administrator email address.

Data protection officer

As we are a small business with fewer than 250 employees, we are not required to hire a data protection officer. We do however ensure that we maintain high security standards with respect to our database implementation, data processing and our business practices. No external contractors, companies, or any other party have access to our data systems besides Microsoft’s trusted and secure Azure Cloud, where our secure data storage and services tiers are hosted and maintained.

Tracking pixels

The following list of tracking pixels are used in a non-personally-identifiable way, for internal analytics such as advertising conversion success rates, on both the public website and the private software application.

  • Google Analytics tracking pixel

  • Goodle Adwords tracking pixel

  • Capterra.com tracking pixel

  • Facebook advertising tracking pixel

  • Microsoft Bing Ads tracking pixel

Cookies

TimeDock uses cookies to enhance our website user experience and provide session authentication for identifying users logged into a TimeDock account. Personal information we store within cookies includes:

  • Email address of the user currently logged in

  • Email address of the user, when "remember me" is enabled

  • Non-identifable information for remembering settings and preferences

Personal data we process and store:

Account information

General information used for registration of a tenant (for example a company) within the TimeDock web based software platform.

Data type Reason/Used for Required?
Company Name billing/invoicing Y
Account Number internal use only Y
Company address billing & delivery of physical goods N
Company country determining database storage location Y
TimeZone core functionality Y
Quickbooks Access Token integrating core functionality external software (Quickbooks) N
Quickbooks Access Token Secret integrating core functionality external software (Quickbooks) N
Quickbooks Realm Id integrating core functionality external software (Quickbooks) N

Information we share:
Company Name is shared with Intercom.IO for enhancing core functionality (support/help desk), and sometimes used for engagement and marketing campaigns internally, or via a GDPR-compliant email marketing platform (i.e. reply.IO).

Account Administrators

Used for logging into TimeDock application and accessing tenant data. Each tenant/account must have at least one user with administrator privileges.

Data type Reason/Used for Required?
Email User identity for core functionality, email notifications and occasional email-marketing or user-engagement campaigns Y
Password (irreversibly encrypted) Core functionality Y
Name Improve user experience and attach name to email notifications N
TimeZone The default time zone of the account, for reporting Y

Information we share:
Email, Name and TimeZone is shared with Intercom.IO for enhancing core functionality (support/help desk), and sometimes used for engagement and marketing campaigns internally, or via a GDPR-compliant email marketing platform (i.e. reply.IO).

Mobile Users

Used for logging into TimeDock mobile application.

Data type Reason/Used for Required?
Email User identity for core functionality, email notifications and occasional email-marketing or user-engagement campaigns Y
Password (irreversibly encrypted) Core functionality Y
Name Improve user experience N
TimeZone The default time zone of the user, for clocking staff in Y

Information we share:
Email, Name and TimeZone is shared with Intercom.IO for enhancing core functionality (support/help desk), and sometimes used for engagement and marketing campaigns internally, or via a GDPR-compliant email marketing platform (i.e. reply.IO).

Employee Information

Used for core functionality (time and attendance).

Data type Reason/Used for Required?
Payroll ID For matching records with third party software (i.e. Payroll). Can be any value, or a valid identifier for a record stored within another system. Y
Name A name/label for the employee record Y
Department code For categorising/grouping employees N
Pay rate/s For reporting cost overheads for labour worked N
Photo For display on employee swipe cards and within the TimeDock application/s and reports. N

Information we share:
Some or all of the information may be shared with a third party integrated product, for example a payroll system, when authorised by the tenant.

Activity Codes

Used for core functionality (categorising timesheet hours).

Data type Reason/Used for Required?
Name A name/label for the activity code Y
Unique ID For linking records within third party software Y

Information we share:
None, unless user opts in to share with integrated products.

Projects

Used for core functionality (categorising timesheet hours & reporting job hours).

Data type Reason/Used for Required?
Name Name/label for the project Y
Unique ID For linking records within third party software N
Description Optional basic description of the project N

Information we share:
Some or all of the information may be shared with a third party integrated product, for example a payroll system, when authorised by the tenant.

Tasks

Used for core functionality (categorising timesheet hours & reporting task hours).

Data type Reason/Used for Required?
Name Name/label for the task Y
Unique ID For linking records within third party software N
Description Optional basic description of the task N

Information we share:
Some or all of the information may be shared with a third party integrated product, for example a payroll system, when authorised by the tenant.

LockTags

Data type Reason/Used for Required?
Name Name/label for the LockTag Y
Description Optional basic description for the LockTag N

Information we share:
None.

Settings

Used for core functionality (software configuration).

Data type Reason/Used for Required?
TimeZone The default time zone of the account, for reporting Y
Last day of timesheet week Sets the display order of days on a standard timesheet Y
Currency symbol Used for reporting cost overheads based on hours worked Y

Information we share:
None.

Time Entries

Used for core functionality (time and attendance).

Data type Reason/Used for Required?
Employee ID Core functionality / Link with employee data Y
Clock Action (in/out) Flag representing whether the employee clocked in or out Y
Date/Time (Local) The time of the entry, in local time zone format Y
Date/Time (UTC) The time of the entry, in UTC time Y
User/Device Id For linking with user/device data Y
GPS coordinates For storing entry GPS location information, when enabled N
GPS accuracy radius For storing entry GPS location information, when enabled N
Project/Task ID Link to Project/Task data N
Activity Code ID Link to Activity code data N
Units completed A field to store numerical inputs when clocking out N

Information we share:
Some or all of the information may be shared with a third party integrated product, for example a payroll system, when authorised by the tenant.