Processing and storing personal data
Last updated - Jun 02, 2020 at 2:55PM
Personal Data Overview
Customer personal data we store, such as names, resides in Microsoft’s Azure Cloud. No personal data is stored locally by employees outside of this scope.
* Some data points we share with third party software platforms, such as names and company names to our help and support systems to enhance our service offering, are outlined underneath each data section further down within this document.
Categorization
We do not make a conscious effort to collect personal data of specific groups of people, such as information about persons under 18 years of age.
Parental consent for processing information of minors
TimeDock is intended to be used by employers who are hiring workers aged 16 and above. We do not intend TimeDock to be used for tracking/reporting of attendance for minors and as such we do not have functionality for requesting parental consent for any personal data belong to a minor, such as a name or a photo, loaded into our software by any member of our platform.
Data retention
We store the information listed on the following pages indefinitely, for a minimum of 7 years, or until the data owner requests that we permanently erase it from our database. Unless otherwise specified, the data listed is stored within private organisational databases hosted in Microsoft-managed high-security data centres.
Backup retention
We do not erase data from our backups as they are archived and compressed in geographically diversified ‘vaults’ within Microsoft data centres, making real-time on-demand access unrealistic. Backups are stored for up to one year before being permanently erased.
Right to forget
TimeDock customers have the ‘right to forget’ personal data stored and processed by TimeDock. Data can be permanently erased by emailing a request to erase data from an authorised account administrator email address. At that time we will erase the data as soon as possible from primary database/s, unless we require the data to fulfil an obligation to the data owner or qualified authority (i.e. a court of law). Data stored in backup databases and archives are subject to our backup retention policy.
Rectify inaccurate or incomplete personal data
The tenant (customer) is responsible for maintaining their personal data via their TimeDock web dashboard. In such instances where data is not able to be maintained directly, an email can be sent to support@timedock.com outlining the changes required to rectify the issue. We will respect the request, however we reserve the right to refuse data changes whereby we provide the capability for customer self-service, and where not practicably reasonable to do so.
Provide data subject with their personal data in a common, structured format
TimeDock data can be downloaded as common CSV file formats, viewable with any standard spreadsheet application (i.e. Microsoft Excel) and all other data is accessible within the TimeDock web dashboard. Furthermore, we will respect applications to provide a complete dataset of personal data in a common, structured format (i.e. CSV or XML file) within a timely manner. Such requests can be made to support@timedock.com, from an authorised account administrator email address.
Data protection officer
As we are a small business with fewer than 250 employees, we are not required to hire a data protection officer. We do however ensure that we maintain high security standards with respect to our database implementation, data processing and our business practices. No external contractors, companies, or any other party have access to our data systems besides Microsoft’s trusted and secure Azure Cloud, where our secure data storage and services tiers are hosted and maintained.
Tracking pixels
The following list of tracking pixels are used in a non-personally-identifiable way, for internal analytics such as advertising conversion success rates, on both the public website and the private software application.
- Google Analytics tracking pixel
- Goodle Adwords tracking pixel
- Capterra.com tracking pixel
- Facebook advertising tracking pixel
- Microsoft Bing Ads tracking pixel
Cookies
TimeDock uses cookies to enhance our website user experience and provide session authentication for identifying users logged into a TimeDock account. Personal information we store within cookies includes:
- Email address of the user currently logged in
- Email address of the user, when "remember me" is enabled
- Non-identifable information for remembering settings and preferences
Account information
General information used for registration of a tenant (for example a company) within the TimeDock web based software platform:
| Data type | Reason/Used for | Required? |
| Company Name | Billing/invoicing | Y |
| Account Number | Internal use only | Y |
| Company address | Billing & delivery of physical goods | N |
| Company country | Determining database storage location | Y |
| TimeZone | Core functionality | Y |
| Quickbooks Access Token | Integrating core functionality external software (Quickbooks) | N |
| Quickbooks Access Token Secret | Integrating core functionality external software (Quickbooks) | N |
| Quickbooks Realm Id | Integrating core functionality external software (Quickbooks) | N |
Information we share:
Company Name is shared with Helpcrunch.com for enhancing core functionality (support/help desk), and sometimes used for engagement and marketing campaigns internally, or via a GDPR-compliant email marketing platform (i.e. reply.IO).
Account administrators
Used for logging into TimeDock application and accessing tenant data. Each tenant/account must have at least one user with administrator privileges.
| Data type | Reason/Used for | Required? |
| User identity for core functionality, email notifications and occasional email-marketing or user-engagement campaigns | Y | |
| Password (irreversibly encrypted) | Core functionality | Y |
| Name | Improve user experience and attach name to email notifications | N |
| TimeZone | The default time zone of the account, for reporting | Y |
Information we share:
Email, Name and TimeZone is shared with Helpcrunch.com for enhancing core functionality (support/help desk), and sometimes used for engagement and marketing campaigns internally, or via a GDPR-compliant email marketing platform (i.e. reply.IO).
Mobile users
Used for logging into TimeDock mobile application.
| Data type | Reason/Used for | Required? |
| User identity for core functionality, email notifications and occasional email-marketing or user-engagement campaigns | Y | |
| Password (irreversibly encrypted) | Core functionality | Y |
| Name | Improve user experience | N |
| TimeZone | The default time zone of the user, for clocking staff in | Y |
Information we share:
Email, Name and TimeZone is shared with Helpcrunch.com for enhancing core functionality (support/help desk), and sometimes used for engagement and marketing campaigns internally, or via a GDPR-compliant email marketing platform (i.e. reply.IO).
Employee information
Used for core functionality (time and attendance).
| Data type | Reason/Used for | Required? |
| Payroll ID | For matching records with third party software (i.e. Payroll). Can be any value, or a valid identifier for a record stored within another system. | Y |
| Name | A name/label for the employee record | Y |
| Department code | For categorising/grouping employees | N |
| Pay rate/s | For reporting cost overheads for labour worked | N |
| Photo | For display on employee swipe cards and within the TimeDock application/s and reports. | N |
Information we share:
Some or all of the information may be shared with a third party integrated product, for example a payroll system, when authorised by the tenant.
Activity codes
Used for core functionality (categorising timesheet hours).
| Data type | Reason/Used for | Required? |
| Name | A name/label for the activity code | Y |
| Unique ID | For linking records within third party software | Y |
Information we share:
None, unless user opts in to share with integrated products.
Projects
Used for core functionality (categorising timesheet hours & reporting job hours).
| Data type | Reason/Used for | Required? |
| Name | Name/label for the project | Y |
| Unique ID | For linking records within third party software | N |
| Description | Optional basic description of the project | N |
Information we share:
Some or all of the information may be shared with a third party integrated product, for example a payroll system, when authorised by the tenant.
Tasks
Used for core functionality (categorising timesheet hours & reporting task hours).
| Data type | Reason/Used for | Required? |
| Name | Name/label for the task | Y |
| Unique ID | For linking records within third party software | N |
| Description | Optional basic description of the task | N |
Information we share:
Some or all of the information may be shared with a third party integrated product, for example a payroll system, when authorised by the tenant.
LockTags
| Data type | Reason/Used for | Required? |
| Name | Name/label for the LockTag | Y |
| Description | Optional basic description for the LockTag | N |
Information we share:
None.
Settings
Used for core functionality (software configuration).
| Data type | Reason/Used for | Required? |
| TimeZone | The default time zone of the account, for reporting | Y |
| Last day of timesheet week | Sets the display order of days on a standard timesheet | Y |
| Currency symbol | Used for reporting cost overheads based on hours worked | Y |
Information we share:
None.
Time Entries
Used for core functionality (time and attendance).
| Data type | Reason/Used for | Required? |
| Employee ID | Core functionality / Link with employee data | Y |
| Clock Action (in/out) | Flag representing whether the employee clocked in or out | Y |
| Date/Time (Local) | The time of the entry, in local time zone format | Y |
| Date/Time (UTC) | The time of the entry, in UTC time | Y |
| User/Device Id | For linking with user/device data | Y |
| GPS coordinates | For storing entry GPS location information, when enabled | N |
| GPS accuracy radius | For storing entry GPS location information, when enabled | N |
| Project/Task ID | Link to Project/Task data | N |
| Activity Code ID | Link to Activity code data | N |
| Units completed | A field to store numerical inputs when clocking out | N |
Information we share:
Some or all of the information may be shared with a third party integrated product, for example a payroll system, when authorised by the tenant.