1. The Scope of This Policy

This policy applies to all Time Doctor users and to all Time Doctor platforms and services, including our apps, websites, features, and other services (collectively, the “Time Doctor Platform”). Please remember that your use of the Time Doctor Platform is also subject to our Terms of Service. Please read this Privacy Policy carefully. By accessing or using any part of the Time Doctor Platform, you acknowledge you have been informed of our practices with regard to your personal information and data.

When we talk about “Time Doctor,” “we,” “our,” or “us,” in this notice, we are referring to MyStaff.com LLC. 

Time Doctor acts as both a controller and a processor of personal information . We are a controller when we decide the purposes for which and the means by which we will process your personal information. We act as a processor when we process personal information on behalf of our customers.

We act as a controller in relation to supplier contact information, user log in details and information that we use for our own security and research purposes. We act as a processor in relation to personal data that we process on behalf of our customers, for example when we process user data that we process when a customer’s  employee uses the Time Doctor platform. 

2. The Information We Collect

When you use the Time Doctor platform, we collect the information you provide, usage information, and information about your device. We also collect information about you from other sources, like third-party services and optional programs in which you participate such as surveys, which we may combine with other information we have about you. Here are the types of information we collect about you:

A. Information You Provide to Us

Account Registration. When you create an account with Time Doctor, we collect the information you provide us, such as your name, email address, photo, physical address, and payment information. You may choose to share additional information with us during account registration.

Communications. When you contact us or we contact you, we collect any information that you provide, including the contents of the messages or attachments you send us.

B. Information We Collect When You Use the Platform

Website Visitor Information. Like most website operators, Time Doctor collects basic non-personally identifying information from website visitors of the sort that web browsers and servers typically make available. This includes the browser type, language preference, referring site, and the date and time of each visitor request. We collect this information to better understand how visitors use the website, to improve our website and experience for visitors, and to monitor the security of the website.

Device Information. We collect information about the devices you use to access the Time Doctor Platform, including device model, IP address, version of operating system, identity of carrier and manufacturer, radio type (such as 4G), preferences and settings (such as preferred language), application installations, device identifiers, advertising identifiers, and push notification tokens.

Usage Information. We collect information about your use of the Time Doctor Platform, including the time you started work, the time you finished work, tasks or projects worked on, names of applications used on your computer, websites visited, and screenshots of your desktop screen. We also collect information about your interactions with the Time Doctor Platform, including the pages and content you view and the dates and times of your use.

The Time Doctor desktop app records the number of keystrokes and mouse movements you make. It does NOT record where you click on the screen, and it does NOT record what you type. It is not a keystroke-logging application.

Cookies, Analytics, and Third Party Technologies. We collect information through the use of “cookies,” tracking pixels, data analytics tools like Google Analytics, SDKs, and other third-party technologies to understand how you navigate through the Time Doctor Platform and interact with Time Doctor advertisements. We use this information to learn what content is popular, to improve your site experience, and to save your preferences.

For more information on what cookies are used and how to manage your cookie preferences, visit our Cookie Notice.

C. Information We Collect from Third Parties

Third-Party Services. Third-party services provide us with information needed for core aspects of the Time Doctor Platform. These third-party services include payment service providers, marketing providers, and other businesses. We obtain the following information about you from these third-party services:

• Financial information, such as payment, transaction, and fraud detection information;

• Information about you provided by marketing service providers (for example, Meta and Google), such as demographic and market segment information.

Enterprise Programs. If you use Time Doctor through your employer or other organization, we will collect information about you from those parties, such as your name and contact information.

3. How We Use Your Information

Providing the Time Doctor Platform. We use your personal information to provide an intuitive, useful, efficient, and worthwhile experience on our platform. To do this, we use your personal information as set out below.

As a controller, we:

• Verify your identity and maintain your account, settings, and preferences;

• Process payments;

• Communicate with you about your experience;

• Collect feedback regarding your experience; and

• Facilitate additional services and programs with third parties.

As a processor on behalf of our customers we:

• Operate our Platform and provide information on your work activity to employers. 

Maintaining the Security and Safety of the Time Doctor Platform and its Users. Providing you a secure and safe experience is the cornerstone of our Platform. To do this, we use your personal information as a controller to:

• Authenticate users;

• Find and prevent fraud; and

• Block and remove unsafe or fraudulent users from the Platform.

Providing Customer Support. We work hard to provide the best experience possible, including supporting you when you need it. To do this, we use your personal information as a processor on behalf of our customers to:

• Investigate and assist you in resolving questions or issues you have regarding the Platform; and

• Provide you with support or respond to you.

Improving the Time Doctor Platform. We are always working to improve your experience and provide you with new and helpful features. To do this, we use your personal information as a controller to:

• Perform research, testing, and analysis;

• Develop new products, features, partnerships, and services;

• Prevent, find, and resolve software or hardware bugs and issues; and

• Monitor and improve our operations and processes, including security practices, algorithms, and other modeling.

For marketing purposes. Where we have necessary consents, we may contact you for marketing purposes to inform you about our products, services and offers. 

Responding to Legal Proceedings and Requirements. Sometimes the law, government entities, or other regulatory bodies impose demands and obligations on us with respect to the services we seek to provide. In such a circumstance, we may use your personal information as a controller to respond to those demands or obligations. We will also use personal information where it is necessary to do so to defend legal claims or exercise our legal rights. 

4. Lawful Basis

When we process your personal information as a controller under the EU General Data Protection Regulation (GDPR) and UK data protection legislation (UK GDPR) we are required to have a lawful basis to permit us to process your personal information. We rely on the following lawful bases to process personal information:

5. How We Share Your Information

We do not sell your personal information. To make the Time Doctor Platform work, we may need to share your personal information with other users, third parties, and service providers. This section explains when and why we share your information.

A. Sharing Between Time Doctor Users

Your Company and Managers. The website and app usage information that we collect is shared with your company admin, your manager(s) as designated by your company admin, and yourself. Website and application monitoring is active for all users of the system when they are actively tracking time. Screenshot monitoring can be individually activated or deactivated by your company admin for all or some members of your team.

B. Sharing With Third-Party Service Providers for Business Purposes

Depending on if you are an admin or user, Time Doctor may share the following categories of your personal information to enable us to provide our services:

• Personal identifiers, such as your name, address, email address, and phone number;

• Financial information, such as bank routing numbers, tax information, and any other payment information you provide us;

• Commercial information, such as feedback and transaction history;

• Internet or other electronic network activity information, such as your IP address, type of browser, version of operating system, carrier and/or manufacturer, device identifiers, and mobile advertising identifiers.

We disclose those categories of personal information to service providers to fulfill the following business purposes:

• Maintaining and servicing your account;

• Processing or fulfilling orders;

• Providing customer service;

• Verifying the identity of users;

• Detecting and preventing fraud;

• Providing marketing and advertising services to Time Doctor;

• Providing financing;

• Providing analytics services to Time Doctor; and

• Undertaking internal research to develop the Time Doctor Platform.

C. For Legal Reasons and to Protect the Time Doctor Platform

We may share your personal information in response to a legal obligation, or if we have determined that sharing your personal information is reasonably necessary or appropriate to:

• Comply with any applicable federal, state, or local law or regulation, civil, criminal or regulatory inquiry, investigation or legal process, or enforceable governmental request;

• Respond to a legal process (such as a search warrant, subpoena, summons, or court order);

• Enforce our Terms of Service;

• Cooperate with law enforcement agencies concerning conduct or activity that we reasonably and in good faith believe may violate federal, state, or local law; or

• Exercise or defend legal claims, protect against harm to our rights, property, interests, or safety or the rights, property, interests, or safety of you, third parties, or the public as required or permitted by law.

D. In Connection with Sale or Merger

We may share your personal information while negotiating or in relation to a change of corporate control such as a restructuring, merger, or sale of our assets.

E. Upon Your Further Direction

With your permission or upon your direction, we may disclose your personal information to interact with a third party or for other purposes.

6. Overseas Transfers

We sometimes transfer your personal information to other countries to enable us to provide our services. For example, we store personal information in Colombia, India, Singapore, the US, UK and EU. Where we transfer personal data from within the UK or the EU to a third country we ensure that there are adequate measures in place to safeguard your information. If the country to which we are transferring your information is not recognised as having adequate data protection laws by the UK/EU (as applicable), we will ensure that an appropriate mechanism is in place to keep your personal information safe. Such mechanisms include standard contract clauses approved by the European Commission and/or the UK’s Information Commissioner and, in relation to transfers to the US, the EU-US Data Privacy Framework. You can find details of the standard contract clauses and the Data Privacy Framework using the links below:

EU Standard Contract Clauses

UK ICO data transfer agreement and addendum

EU-US Data Privacy Framework

7. How We Store and Protect Your Information

We retain your information for as long as necessary to provide you and our other users the Time Doctor Platform. This means we keep your profile information for as long as you maintain an account. We retain transactional information for at least seven years to ensure we can perform legitimate business functions, such as accounting for tax obligations. If you request account deletion, we will delete your information as set forth in the “Deleting Your Account” section below.

We take reasonable and appropriate measures designed to protect your personal information. These include:

• Encrypted data transfer (HTTPS)

• Email verification

• A strong password management policy

• Internal system logging

• Network and overall infrastructure security

• Physical security

• Two-factor authentication (2FA)

8. Your Rights and Choices Regarding Your Data

Time Doctor provides ways for you to access and delete your personal information as well as exercise other data rights that give you certain control over your personal information.

A. All Users

Email Subscriptions. You can always unsubscribe from our commercial or promotional emails by clicking unsubscribe in those messages. We will still send you transactional and relational emails about your use of the Time Doctor Platform.

Push Notifications. You can opt out of receiving push notifications through your device settings. Please note that opting out of receiving push notifications may impact your use of the Platform.

Profile Information. You can review and edit your profile by logging in to your account settings and profile.

Location Information. You can prevent your device from sharing location information through your device’s system settings.

Cookie Tracking. You can modify your cookie settings through the Cookie Declaration on our website or via the cookie settings on your browser, but if you delete or choose not to accept our cookies, you may lose certain features of the Platform.

Do Not Track. “Do Not Track” is a privacy preference you can set in your browser if you do not want online services to collect and share certain kinds of information about your online activity from third-party tracking services.

Deleting Your Account. If you would like to delete your Time Doctor account, please speak with your company administrator. In some cases, we will be unable to delete your account, such as if there is an issue with your account related to an ongoing legal dispute or fraud. When we delete your account, we may retain certain information for legitimate business purposes or to comply with legal or regulatory obligations. For example, we may be obligated to retain your information as part of an open legal claim. When we retain such data, we do so in ways designed to prevent its use for other purposes.

B. California Residents

The California Consumer Privacy Act provides some California residents with the additional rights listed below. To exercise these rights, please reach out to us at dpo@timedoctor.com with your request.

Right to Know. You have the right to know and see what data we have collected about you over the past 12 months, including:

• The categories of personal information we have collected about you;

• The categories of sources from which the personal information is collected;

• The business or commercial purpose for collecting your personal information;

• The categories of third parties with whom we have shared your personal information; and

• The specific pieces of personal information we have collected about you.

Right to Delete. You have the right to request that we delete the personal information we have collected from you (and direct our service providers to do the same). There are a number of exceptions, however, which include, but are not limited to, when the information is necessary for us or a third party to do any of the following:

• Complete your transaction;

• Provide you a good or service;

• Perform a contract between us and you;

• Protect your security and prosecute those responsible for breaching it;

• Fix our system in the case of a bug;

• Protect the free speech rights of you or other users;

• Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et seq.);

• Engage in public or peer-reviewed scientific, historical, or statistical research in the public interests that adheres to all other applicable ethics and privacy laws;

• Comply with a legal obligation; or

• Make other internal and lawful uses of the information that are compatible with the context in which you provided it.

Other Rights. You can request certain information about our disclosure of personal information to third parties for their own direct marketing purposes during the preceding calendar year. This request is free and may be made once a year. You also have the right not to be discriminated against for exercising any of the rights listed above.

Response Timing and Format. We aim to respond to a consumer request for access or deletion within 30 days of receiving that request. If we require more time, we will inform you of the reason and extension period in writing.

To request access to or deletion of your personal information, or to exercise any other data rights under California law, contact us via email at dpo@timedoctor.com. Please include your full name and email address along with why you are writing so that we can process your request in a timely manner.

C. European Union and UK Users

If you are located in the European Union or the UK, the General Data Protection Regulation (GDPR) or the UK GDPR (as applicable) provides you with the additional rights listed below.

Right of Access. You have the right to know what information we hold about you, including:

• The specific pieces of personal information we have collected about you;

• The categories of personal information we have collected about you;

• The categories of sources from which the personal information is collected;

• The business or commercial purpose for collecting your personal information;

• The categories of third parties with whom we have shared your personal information;

• The anticipated period of time for which your personal data will be stored; and

• The existence of automated decision-making, including profiling.

Right to Correct. If you find out that your personal data is inaccurate or incomplete, you can request that we correct it.

Right to Restrict. You have the right to suspend our processing of your personal data if:

• The accuracy of the personal data is contested;

• The processing is unlawful and you oppose the erasure of the personal data and request the restriction of its use instead;

• Time Doctor no longer needs the personal data for the purposes of processing but is required to keep it for the establishment, exercise, or defense of legal claims; or

• You have objected to processing pursuant to Article 21(1) of the GDPR, pending the verification of whether the legitimate grounds of the data controller override those of the data subject.

Right to report. You have the right to complain to a supervisory authority if you believe your privacy rights are being violated.

Other Rights. In certain instances, you may have the right to data portability (if our processing is based on consent and automated means), withdraw consent at any time (if processing is based on consent), object to processing (if processing is based on legitimate interests), object to processing of personal data for direct marketing purposes, and erasure of your personal data from our system (“right to be forgotten”) if certain grounds are met.

Where we process your personal information as a processor. We will forward any data protection requests that we receive to the relevant controller, who will be responsible for responding to your requests. 

Response Timing and Format. We aim to respond to a consumer request for access, correction, restriction, or deletion within 30 days of receiving that request. If we require more time, we will inform you of the reason and extension period in writing.

To make a request under the GDPR or to exercise any other data rights under EU law, contact us via email at dpo@timedoctor.com. Please include your full name and email address along with why you are writing so that we can process your request in a timely manner.

Our data protection officer may be reached by contacting:

dpo@timedoctor.com

HelloDPO Law Ltd
Registered office: 23 Cottingham Way, Thrapston, Northamptonshire, NN14 4PL, United Kingdom

7. Links to Third-Party Websites

The Time Doctor platform may contain links to third-party websites. Those websites may have privacy policies that differ from ours. We are not responsible for those websites, and we recommend that you review their policies. Please contact those websites directly if you have any questions about their privacy policies.

8. Changes to This Privacy Policy

We may update this policy from time to time as the Time Doctor Platform changes and privacy law evolves. If we update it, we will do so online, and if we make material changes, we will let you know through the Time Doctor Platform or by some other method of communication, like email. 

9. Contact Us

If you have any questions or concerns about your privacy or anything in this policy, including if you need to access this policy in an alternative format, we encourage you to contact us.