Timedoctor is GDPR compliant
Time Doctor complies with the European Union’s General Data Protection Regulation (GDPR) that went into effect on May 25, 2018. As a business, we work hard every day to ensure that our data subjects are protected.
If you have any questions, comments, or concerns related to the GDPR, please feel free to contact us.
Time Doctor has a data protection officer (DPO) whom you can contact at email@example.com
Our EU representative may be reached by contacting:
Petrov Law Co.
38 Aleksander Stamboliiski Bul., Floor 1, Office 2
Sofia, Bulgaria 1000
Last updated: 03/01/2020
1925 Village Center Circle, Suite 150
Las Vegas, Nevada, 89104, USA
In order to comply with applicable laws, including local data protection legislation, and especially the EU’s General Data Protection Regulation, we will process your data based on legitimate grounds. We will specifically seek explicit prior consent for particular types of processing (e.g. automated individual decision-making). Furthermore, we are committed to protecting the privacy, confidentiality, and security of your personal information by complying with applicable laws.
Personal data: Any information which relates to a natural person who can be identified, whether directly or indirectly, by reference to any other item of information (e.g. email address, pictures, IP address), which is in the possession of or is likely to come into the possession of the data controller.
Data processing: Any operation or set of operations involving personal data, whether or not by automatic means. Thus, it comprises collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment, combination, restriction, erasure, or destruction of personal data.
Data controller: The natural or legal person, public authority, agency, or other body that, alone or jointly with others, determines the purposes and means of processing of personal data where the purposes and means of such processing are determined by Union or Member State law, the data controller, or the specific criteria for its nomination as provided for by Union or Member State law.
Data processor: The collection and processing of personal data may involve a “data processor,” a natural or legal person that actually collects and processes personal data upon instructions from, on behalf of, and under the surveillance of the data controller.
Data subject: The natural person to whom the personal data relates.
Data protection authority (DPA): The public body or organization that is entitled by law to regulate data protection issues in a certain country.
Authentication: Proving that a certain person possesses a certain identity and/or is authorized to carry out certain activities.
Cookie: A small piece of data sent from a website and stored in a user’s web browser while the user is browsing that website. Every time the user loads the website, the browser may send the cookie back to the server to notify the website of the user’s previous activity.
Encryption: A discipline which embodies principles, means, and methods for the transformation of data in order to hide its information content, prevent its undetected modification, and/or prevent its unauthorized use.
Data protection: The employment of technical, organizational, and legal measures in order to achieve the goals of data security (confidentiality, integrity, and availability), transparency, intervenability, and portability as well as compliance with the relevant legal framework.
Data retention period: The length of time for which the data is kept. In this respect, it should be noted that, as a general principle, personal data can be kept for no longer than is necessary for the purposes for which the personal data is processed.
Location data: Any information regarding the position of the data subject, which might be used to provide specific services based on the position of the users or for an employer to exercise control over the subject. Specific rules and restrictions may apply. Location data can be usually processed only with the specific prior consent of the user, provided that the user is enabled to withdraw such consent at any time.
Profiling: Any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular, to analyze or predict aspects concerning that person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location, or movement.
Sensitive data: Personal data that allows for the disclosure of a person’s racial or ethnic origin; religious, philosophical or other beliefs; political opinions; trade-union memberships; health; sexual orientation; and life. This information may seriously impact a person’s privacy and dignity. Special precautions are also necessary with regard to judicial data and criminal records (even the fact of being a suspect or defendant in connection with a criminal proceeding) as well as to biometric data and genetic data. While in the European Economic Area (EEA), the cited data is broadly defined as “special categories of data” and “personal data related to criminal convictions and offenses,” in other areas, the definition of “sensitive data” may vary from country to country. In some regions, this may even include financial information. As a general rule, sensitive data should not be used for profiling or marketing purposes and may require prior authorization by the local data protection authority (DPA) to be processed. In some legislations, sensitive data processing may be completely prohibited.
Software development kit (SDK): Typically, a set of software development tools that allows the creation of applications for a certain software package, software framework, hardware platform, computer system, video game console, operating system, or similar development platform. Some SDKs are installed in apps to provide analytics and data about activity. Prominent examples include Google, InMobi, and Facebook.
Third party: Any natural or legal person, public authority, agency, or any other body apart from the data subject, the data controller, the data processor, and the people who, under the direct authority of the data controller or the data processor, are authorized to process the data. This means that people working for an organization that is legally different from the data controller – even if it belongs to the same group or holding company – will be (or will belong to) a third party.
Regulation: The General Data Protection Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.
The Necessity to Collect Personal Data
The nature of our product and the services we provide with the same require the collection and use of your personal data. When purchasing and using our product, you enter into a contractual relationship with MyStaff. By virtue of that relationship and to allow us to provide the services required, we collect and process your personal data. Prior to starting to use our services, you are obliged to familiarize yourself with and accept our terms and conditions for processing the personal data contained therein. Here we will set out how and why it is necessary to collect and process personal data, the types and methods of collecting personal data, and your rights and obligations under the applicable legislation. If do not wish for MyStaff to collect and process your personal data, please do not use our products.
Our products are not intended for use by people under 18 years of age. If you are such a person, please stop using our services. If we discover that you are under 18 years of age, your access to our products and the services they provide will be stopped.
The Types of Information We Collect
In order to provide our services to you, we will collect the personal data that is necessary to provide said services. If you do not provide your personal data, we may not be able to provide you with our products or services.
We process your personal data for the purpose of fulfilling our part of the contractual relationship while delivering our products. We might process your personal data to observe a legal requirement that applies to us, for the purpose of protecting the vital interests of you or another person, to fulfill a task in public interest, to fulfill a power officially assigned to us, or to protect our legitimate interests. If the need arises to process your personal data on different grounds, we will ask for your explicit consent.
We will only collect the information that is necessary for its specified, explicit, and legitimate purposes and will not further process it in a manner that is incompatible with those purposes. We may collect the following types of information (which may or may not include personal data):
Information you provide to us in relation to creating an account: If you would like to use our services, you will need to register for an account. We will collect certain information about you in connection with your registration, including personal data. The personal data that we collect with your registration is your first and last name, email address, and password.
Specific information about you from third-party service providers: We may collect and use information such as your advertising ID as assigned by third-party service providers.
Financial information: This includes information related to completing purchases such as your bank account number, the account holder’s name, your credit card number, etc. To pay for our services, we use a service provider. We do not collect information about your credit card or other financial information. For further information, please acquaint yourself with the terms and conditions of our payment service provider.
Desktop information: Our product collects screenshots when using the program. If the program is started and you have browsers, programs, or applications open in which personal data is entered, that personal data will be recorded through the screenshots. Information related to you that you provide to third parties or service providers while using the program will also be recorded. Your use of websites or applications might also be recorded, depending on the specific account settings that have been selected by your company. Our desktop client also records information such as hostname, IP address, and MAC address.
Social information: This is information related to your social activities, for example, your current employer and current job title.
Partner information: This includes information related to your partners, clients, or contracting parties as entered by you into our program.
Support information: If you ask for support and you provide us with information containing personal data along with your request, we will retain that information.
Device information: This pertains to information related to your device, such as IMEI number, IMSI number, MAC address, serial number, Android version, Android ID, iPhone ID, screen display information, device keypad information, device manufacturer details and model name, network operator, connection type, and hardware usage information including battery use and device temperature.
Application information: This is information related to your software use, including application lists, application status records (e.g. downloading, installing, updating, and deleting), application ID information, SDK version, system update settings, etc.
Location information: This includes various types of information about your location, for example, region, country code, city code, mobile network code, mobile country code, cell identity, longitude and latitude, time zone settings, and language settings.
Log information: This information is related to your use of certain functions, apps, and websites, such as cookies and other anonymous identifier technologies, IP addresses, network request information, temporary message history, standard system logs, and crash information.
Public information: This is information about you gathered from publicly available sources, among which is information from forums, social networks such as Facebook or other third-party social media plug-ins, integrations, and applications, where you have published information and have allowed for that information to become public.
Sensitive data: We do not collect or process information pertaining to your gender, race, religion, sexual orientation, or health status. If you submit that information somewhere while using the program, it is possible for that information to be captured by a screenshot.
Profiling: MyStaff does not carry out profiling and your personal data is not subject solely to automated decision-making.
How We Use Your Personal Data
We may use your personal information for the following purposes:
- 1. Providing, processing, maintaining, improving, and developing our services to you, including after-sales services and customer support.
- 2. Communicating with you about our services or any general queries, such as updates, customer inquiry support, information about our events, and other notices.
- 3. Analyzing and developing statistical information on the use of our services to improve our products and services.
- 4. Storing and maintaining information about you for our business operations or legal obligations.
- 5. Providing information to the authorities
The Collected Information May Be Shared
With contractors: We use contractors to support our business and to develop our product. The contractors have limited access to the information that we collect from you and can only use this information to perform tasks on our behalf.
With service providers: We use third parties to support us in services such as mailing houses, delivery service providers, data centers, data storage facilities, customer service providers, advertising and marketing service providers, etc.
As required to comply with legal requirements and protect our legitimate interests: It is possible for us to share the information we have about you with data protection authorities, official state authorities, or other third parties and organizations by virtue of a legal requirement, request by a competent state authority, or by virtue of a court decision or ruling. It is possible for us to share information we have pertaining to you with our lawyers, auditors, and accountants to protect our legitimate interests.
As part of business transformations: If we sell our entire business or part of it or are involved in bankruptcy, mergers, or acquisitions, your personal data will form part of this transformation.
As anonymized data: We may share anonymized information and statistics in aggregate form with third parties for business purposes. For example, with advertisers on our website, we may share trends about the general use of our services, such as the number of customers in certain demographic groups who have purchased certain products or who have carried out certain transactions.
Taking into consideration the purposes of personal data processing, MyStaff has adopted a number of measures to guarantee the security of the personal data being processed. Security measures have been introduced to protect your personal data such as encryption, access restriction, and the ability to guarantee permanent confidentiality. An option has been created to recover your personal data in case of an accident. There are regular security audits made in relation to the web, mobile, and desktop applications that guarantee a high level of security.
Despite the security measures taken, each user of our products must keep their password for access secure, so that unauthorized people cannot log in with their profile and gain access to their personal information. If there is a chance that your password has been seen by others, please change it immediately. If you believe that others might have access to your profile, please inform us immediately.
Audits: MyStaff conducts audits of the security of the data being processed on a regular basis. In the case of a personal data breach, according to the legal requirements under GDPR, we will inform the competent supervisory authority according to the terms set out therein. If there is a possibility of a high risk to your rights and freedoms occurring, we will inform you as soon as possible.
You do not have to accept our cookies and you may set your browser to restrict their use. You may delete them after they have been placed on your hard drive. If you do not accept or delete our cookies, some areas of our websites may take more time to work or may not function properly.
We generally process the information collected automatically on the legal basis of our legitimate interest in assessing the use of our services. Where appropriate, we may rely on alternate legal bases, such as your consent to certain types of processing.
Internet browser: When you use our services, we may use automated means to collect various types of information about you, your computer, or any other device used to access our services. Our partners, including third-party service providers engaged to help provide our services, may do the same. These types of information may include the webpages of the services you have visited, browser settings, device settings, your network or IP address, the type of operating system you are using (e.g. Microsoft Windows or macOS), the name of your internet service provider and the domains used by such providers, your mobile network, the type of handheld or mobile device used (e.g. iOS or Android), location information, and the content and advertisements you have accessed, seen, forwarded, and/or clicked on.
Analytics information: We use data analytics to ensure site functionality and improve our services. We use mobile analytics software to allow us to understand the functionality of the services on your phone. This software may record information such as how often you use the services, what happens within the services, aggregated usage, performance data, app errors, debugging information, and where the services were downloaded from. We do not link the information we store within the analytics software to any personal data that you submit within the mobile application.
Your Rights Related to the Use of Your Personal Data
As a data subject whose personal data is being processed by MyStaff, you have the legal right to information about the processing of your personal data, the right to access, rectification, and erasure of your personal data, the right to restriction of the processing, the right to data portability, the right to object against the automated processing, and the right to lodge a complaint with a supervisory authority.
You can exercise all of your rights listed herein and legally defined by the GDPR by contacting us at firstname.lastname@example.org .
Please bear in mind that for any case of infringement of your rights in connection with the processing of your personal data, you can lodge a complaint with the supervisory authority responsible for those rights. You can find a list of the supervisory authorities at https://edpb.europa.eu/about-edpb/board/members_en.
Information: MyStaff, as the data controller for your personal data, strictly adheres to the legal requirements as set out in the GDPR and hereby provides complete information on personal data processing and on your rights. If you need additional information, please contact us at email@example.com .
Right of access: You have the right to request information about whether your personal data is being processed by us. If so, you can request the following information pertaining to your personal data:
a. the purposes of the processing;
b. the categories of personal data concerned;
c. the recipients or categories of recipient to which the personal data has been or will be disclosed, in particular recipients in third countries or international organizations;
d. the anticipated period during which the personal data will be stored; and
e. the existence of automated decision-making, including profiling.
MyStaff shall provide a copy of the personal data undergoing processing. For any additional copies that are requested, we will charge administrative costs.
Right to rectification: If you find out that your personal data is inaccurate or incomplete, you can request its rectification. MyStaff will conduct a check and if any inaccuracies are found, the data will be rectified.
Right to erasure: If your personal data is undergoing processing by MyStaff and you consider that this processing lacks legal grounds, is illegal, or is not necessary for the purposes for which it was collected, you can request its erasure. MyStaff will conduct a check. If any legal requirements exist that oblige MyStaff to erase your personal data, it will be erased.
Right to restriction of processing: You have the right to obtain a restriction of processing from MyStaff when one of the following applies:
a. The accuracy of the personal data is contested, restricting the data for a period that enables the controller to verify the accuracy of the personal data;
b. The processing is unlawful and you oppose the erasure of the personal data and request the restriction of its use instead;
c. MyStaff no longer needs the personal data for the purposes of processing but is required to keep it for the establishment, exercise, or defense of legal claims; or
d. You have objected to processing pursuant to Article 21(1) of the GDPR, pending the verification of whether the legitimate grounds of the data controller override those of the data subject.
Right to data portability: You have the right to receive your personal data, which was provided to us, in a structured, commonly-used, and machine-readable format and have the right to transmit that data to another data controller without any hindrance from the data controller to which the personal data was provided.
Automated processing: The personal data collected by MyStaff is not subject to decisions based solely on automated processing, including profiling, which would give rise to legal consequences for the data subjects.
Employees: If you are an employee with an employer who uses our product and you have been registered in our program, then your personal data is processed by us wherever your data has been provided by your employer. Your employer has full access to your personal data. In this case, you have all the rights listed herein, which should be made clear to you by your employer.
Retention period: The personal data you have entered to establish an account is stored by us for the period of our contractual relationship and until the end of the calendar year following the year when our contractual relationship is terminated. All other personal data we collect is stored until the end of the calendar year following the year when it was collected.
Transfer to Third Parties
We may also transfer your personal data to our third-party service providers, who may be located in a country or area outside of the European Economic Area (EEA). In particular, we will ensure that all transfers will be done in accordance with the requirements applicable under your local data protection laws by putting in place appropriate safeguards.
Whenever we share personal data originating in the EEA with a third party that is outside of the EEA, we will do so on the basis of standard EU contractual clauses and any other safeguards provided in the GDPR.
Data Protection Officer (DPO): MyStaff, in accordance with the requirements of the GDPR, has appointed a DPO. For any questions or comments pertaining to our policies and your rights, you can contact our DPO, Mr. Petar Petrov, at firstname.lastname@example.org .
On the grounds of Art. 27 of the GDPR, MyStaff has appointed an EU representative.
The contact details of our EU representative are as follows:
Petrov Law Co.
38 Aleksander Stamboliiski Bul., Floor 1, Office 2
Sofia, Bulgaria 1000
In the case of a dispute pertaining to personal data processing, your rights, or our policies on personal data processing, we will provide full cooperation for its voluntary resolution including through mutual concession. If the dispute cannot be resolved voluntarily, then it shall be referred to the court having subject matter jurisdiction at the seat of the appointed representative of MyStaff in EU territory. The material law at the seat of the appointed representative of MyStaff in EU territory shall be applicable.