Timedoctor is GDPR compliant
Timedoctor comply with the EU’s General Data protection Regulation (GDPR) laws that went into effect on 25th of May 2018. We as a business work hard every day to ensure that data subjects are protected.
If you have any questions, comments or concerns related to the GDPR, please feel free to contact us.
Timedoctor has a data protection officer (DPO) which you can contact at firstname.lastname@example.org
Our EU represnetative maybe reached by contacting:
Petrov Law Co.
38 Aleksander Stamboliiski bul., floor, office 2
Last updated: 03/01/2020
Our privacy rules have been developed with the aim to provide in an understandable way our practices for collecting and using personal data but primarily to guarantee adherence to the law when processing the personal data.
1925 Village Center Circle, Suite 150
Las Vegas 89104, USA
In order to comply with applicable laws, including local data protection legislation and especially General Data Protection Regulation in European Union, we will process your data based on the legitimate ground. We will specifically seek prior explicit consent to the particular processing (e. g. automated individual decision-making). Furthermore, we are committed to protecting the privacy, confidentiality and security of your personal information by complying with applicable laws.
Personal data: is any information which relates to a natural person who can be identified whether directly or indirectly - i.e. by reference to any other item of information (e.g. email address, pictures, IP address) which is in the possession of, or is likely to come into the possession of, the data controller.
Data processing: may be any operation or set of operations on personal data, whether or not by automatic means. Thus, collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Data controller: means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law
Data processor: the collection and processing of personal data may involve a "processor", a natural or legal person that actually collects and processes personal data upon instructions, on behalf and under the surveillance of the data controller.
Data subject: is the natural person to whom personal data relates.
Data Protection Authority (DPA): is the public body or organization which is entitled by law to regulate data protection issues in a certain country.
Authentication: means proving that a certain person possesses a certain identity and/or is authorized to carry out certain activities.
Cookie: is a small piece of data sent from a website and stored in a user's web browser while the user is browsing that website. Every time the user loads the website, the browser may send the cookie back to the server to notify the website of the user's previous activity.
Encryption: is a discipline which embodies principles, means and methods for the transformation of data in order to hide its information content, prevent its undetected modification and/or prevent its unauthorized use.
Data protection: the employment of technical, organizational and legal measures in order to achieve the goals of data security (confidentiality, integrity and availability), transparency, intervenability and portability, as well as compliance with the relevant legal framework.
Data retention period:refers to the length of time for which the data is kept. In this respect it is noticeable that, as a general principle, personal data can be kept for no longer than is necessary for the purposes for which the personal data is processed.
Location data:is any information regarding the position of the data subject (it might be used to provide specific services based on the position of the users or to exercise a control over the subject by her/his employer). Specific rules and restrictions may apply (location data can be usually processed only with the prior specific consent of the user and provided that the user is enabled to withdraw from such consent at any time).
Profiling: means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements.
Sensitive data: is a personal data that allows disclosing a person’s racial or ethnic origin; religious, philosophical or other beliefs; political opinions and trade-union memberships; or a person’s health or sexual orientations and life. This information may seriously impact a person’s privacy and dignity. Special precautions are also necessary with regard to judicial data, criminal records (even the fact of being a suspect or defendant in connection with criminal proceeding) – as well as to biometric data and genetic data. Whilst in the EEA the cited data is broadly defined as “special categories of data” and “personal data relating to criminal convictions and offices”, in other areas the definition of "sensitive data" may vary from country to country, whilst in some regions this may even include financial information. As a general rule, sensitive data should not be used for profiling and marketing purposes and may require a prior authorization by the local data protection authority (DPA) to be processed. In some legislations sensitive data processing may be completely prohibited.
SDK (Software Development Kit): is typically a set of software development tools that allows the creation of applications for a certain software package, software framework, hardware platform, computer system, video game console, operating system, or similar development platform. There are SDKs that are installed in apps to provide analytics and data about activity. Prominent examples include Google, InMobi and Facebook.
Third party: is any natural or legal person, public authority, agency or any other body other than the data subject, the data controller, the data processor and the persons who, under the direct authority of the data controller or the data processor, are authorized to process the data. This means that persons working for an organization which is legally different from the data controller – even if it belongs to the same group or holding company – will be (or belong to a) ‘third party’.
Regulation: means the General Data Protection Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data
Necessity to collect personal data
The nature of our product and the services we provide with the product require the collection and usage of your personal data. When purchasing and using our product you enter into contractual relationship with MyStaff and by virtue of that relationship and that we can, provide the services we collect and process your personal data. Prior to starting to use our services you are obliged to familiarize yourself and accept our terms and conditions for processing the personal data contained herein. Here it is set out how and why it is necessary to collect and process the personal data, the type and way of collecting of the personal data, your rights and obligations under the applicable legislation. In case you do not wish that MyStaff collects and processes your personal data, then please do not use our products.
Our products are not intended for use by persons under 18 years of age. In case you are such a person, please stop using our services. In case we receive information that you are under 18 years of age, the access to our products and the services they provide will be stopped.
Types of information we collect
In order to provide our services to you, we will collect personal data that is necessary to provide those services to you. If you do not provide your personal data, we may not be able to provide you with our products or services.
We process your personal data with the purpose to fulfill our part of the contractual relationships while delivering our products. It is possible that we process your personal data to observe a legal requirement which applies to us; for the purpose of protecting the vital interests of you or another person; to fulfill a task in public interest or to fulfill a power officially assigned to us; to protect our legitimate interests. In case of necessity to process your personal data on another ground we will ask for your explicit consent.
We will only collect the information that is necessary for its specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes. We may collect the following types of information (which may or may not be personal data):
Information you provide to us in relation to creating an account. If you would like to use our services you will need an account to be registered. We will collect certain information about you in connection with your registration, including personal data. The personal data that we collect with your registration is first and last name, e-mail address and password.
Information specific to you that may be assigned by Third Party Service Providers: we may collect and use information such as your advertising ID assigned by Third Party Service Providers.
Financial information: information related to completing purchases. For example, bank account number, account holder name, credit card number etc. For the payment of our services we use Service provider, we do not collect information for your credit card or other information financial statement. Please get acquainted with the terms and conditions of our payment service provider.
Desktop information: our product collects screenshots while using the program. If the program is started and you have opened browsers, programs or applications from which personal data is entered, that personal data will be recorded through the screenshots. Will be recorded information related to you which you provide to third parties or service providers while using the program. Usage of websites or applications might be record also depending on specific account settings that you have set for your company registration with our services. Our desktop client also records information such as hostname, IP address, mac address.
Social information: information related to your social activities. For example, current employer, current job title.
Partner Information: information related to your partners, clients or contracting parties entered by you in our program.
Support Information: In case you ask for support and along with your request you provide us with information containing personal data we will retain that information.
Device information: information related to your device. For example, IMEI number, IMSI number, MAC address, Serial number, Android version, Android ID, iPhone ID, screen display information, device keypad information, device manufacturer details and model name, network operator, connection type, hardware usage information such as battery usage, device temperature.
Application information: information related to your software usage. For example, application list, application status record (e.g. downloading, installing, updating, deleting), application ID information, SDK version, system update settings etc.
Location information various types of information on your location. For example, region, country code, city code, mobile network code, mobile country code, cell identity, longitude and latitude information, time zone settings, language settings.
Log information: information related to your use of certain functions, apps and websites. For example, cookies and other anonymous identifier technologies, IP addresses, network request information, temporary message history, standard system logs, crash information.
Public information: information about you from public available sources. Among these: information from forums, social networks such as Facebook or other third-party social media plug-ins, integrations and applications, where you have published information and have allowed for that information to become public.
Sensitive data: We do not collect and process information pertaining to your gender, race, religion, sexual orientation, health status. If you have submitted that information somewhere while using the program it is possible that it be captured by a screenshot.
Profiling: MyStaff does not carry out profiling and your personal data is not subject solely to automatic decision-making.
How we use your personal data
We may use your personal information for the following purposes:
- (a) Providing, processing, maintaining, improving and developing our services to you, including after-sales and customer support.
- (b) Communicating with you about our services or any general queries, such as updates, customer inquiry support, information about our events, notices.
- (c)Analyzing and developing statistical information on use of our services to better improve our products and services.
- (d) Storing and maintaining information about you for our business operations or legal obligations. Providing information to the authorities.
We may share the collected information with
Contractors: We use contractors to support our business and to develop our product. The contractors have limited access to the information that we collected from you and they can use this information only to perform task on our behalf.
Service Providers: We use third parties to support us in services as mailing houses, delivery service providers, data centers, data storage facilities, customer service providers, advertising and marketing service providers, agents acting.
Legal requirements and protecting our legitimate interests: It is possible to share the information we have about you with data protection authorities, official state authorities or third parties and organizations by virtue of a legal requirement, request by a competent state authority or by virtue of a court decision or ruling. It is possible that we share information we have pertaining to you with our lawyers, auditors and accountants to protect our legitimate interests.
Business transformations: In case that we sell our business or part of it, or be involved in bankruptcy, merger, acquisition, your personal data will be part of this transformation.
Anonymized data: We may share anonymized information and statistics in aggregate form with third parties for business purposes, for example with advertisers on our website, we may share trends about the general use of our services, such as the number of customers in certain demographic groups who purchased certain products or who carried out certain transactions.
Taking into consideration the purposes of the personal data processing MyStaff has adopted a number of measures to guarantee the security of the personal data being processed. Security measures have been introduced to protect the personal data such as encryption, access restriction, ability to guarantee permanent confidentiality. An option has been created to recover the personal data in case of an accident. There are regular security audits made in relation to the web, mobile an desktop applications which guarantees high level of security.
Despite the security measures taken each user of our products must keep their password for access, so that it is not possible for unauthorized persons to log in with their profile and gain access to their personal information. In case of a doubt that your password has been seen by other persons please change it immediately. In case of a doubt that other persons have access to your profile please inform us immediately.
Audits: MyStaff conducts on a regular basis audits of the security of the data being processed. In case of a personal data leak while observing the legal requirements under GDPR we will inform the competent supervisory authority within the terms as set out therein. If there are conditions for a high risk to occur for your rights and freedoms we will inform you as soon as possible.
You do not have to accept our cookies and you may set your browser to restrict their use and you may delete them after they have been placed on your hard drive. If you do not accept or delete our cookies, some areas of our websites may take more time to work, or may not function properly.
We generally process information collected automatically on the legal basis of our legitimate interests in assessing the use of our services. Where appropriate, we may rely on alternate legal bases, such as your consent to certain types of processing.
Internet browser: When you use our services, we and our partners who include third-party service providers engage to help provide our services, may use automated means to collect various types of information about you, your computer or other device used to access our services. Тhe types of information may include: the web pages of the services you have visited; browser settings; device settings; network or Internet protocol address ; the type of operating system you are using (e.g., Microsoft Windows or Mac OS); the name of your Internet service and domains used by such providers, mobile network; the type of handheld or mobile device used to view the service (e.g., iOS, Android); location information; the content and advertisements you have accessed, seen, forwarded and/or clicked on.
Analytics information: We use data analytics to ensure site functionality and improve the services. We use mobile analytics software to allow us to understand the functionality of the services on your phone. This software may record information such as how often you use the services, what happens within the services, aggregated usage, performance data, app errors and debugging information, and where the services were downloaded from. We do not link the information we store within the analytics software to any personal data that you submit within the mobile application.
Your rights related to the use of your personal information
As a data subject whose personal data is being processed by MyStaff you have a legal right to information about the processing of your personal data, right to access, rectification and erasure of your personal data, right to restriction of the processing, right to data portability, right to object against the automated processing, right to lodge a complaint before a supervisory authority.
You can exercise all of your rights listed herein and legally defined as per GDPR by contacting us at email@example.com .
Please bear in mind that in any case of infringement of your rights in connection with the processing of your personal data you can lodge a complaint before the supervisory authority responsible for your rights pertaining to the processing of your personal data. A list of the supervisory authorities you can find at https://edpb.europa.eu/about-edpb/board/members_en.
Information: MyStaff as controller of your personal data strictly adheres to the legal requirements as set out in GDPR and hereby provides a complete information on the personal data processing and on your rights. If you need additional information please contact us at firstname.lastname@example.org .
Right of access to the data: You have the right to request information whether your personal data is being processed by us and if yes you can request the following information pertaining to your personal data: a) the purposes of the processing; (b) the categories of personal data concerned; (c) the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations; (d) the envisaged period for which the personal data will be stored; e) the existence of automated decision-making, including profiling.
MyStaff shall provide a copy of the personal data undergoing processing. For any further copies requested we will charge for administrative costs.
Right to rectification: In the cases where you find out that your personal data is inaccurate or incomplete you can request for them to be rectified. MyStaff will conduct a checkup and if any inaccurateness is found the data will be rectified.
Right to erasure of the personal data: If your personal data is undergoing processing by MyStaff and you consider that it is being processed without the presence of a legal ground, illegally or is not necessary for the purposes for which it was collected you can request its erasure. MyStaff will conduct a checkup if any legal requirements are at hand which oblige MyStaff to erase your personal data, it will be erased.
Right to restriction of processing: you have the right to obtain from MyStaff restriction of processing where one of the following applies:(a) the accuracy of the personal data is contested, for a period enabling the controller to verify the accuracy of the personal data;(b) the processing is unlawful and you opposes the erasure of the personal data and requests the restriction of their use instead; (c) MyStaff no longer needs the personal data for the purposes of the processing, but we are required from you for the establishment, exercise or defense of legal claims; (d) you has objected to processing pursuant to Article 21(1) GDPR pending the verification whether the legitimate grounds of the controller override those of the data subject.
Right to data portability: You have the right to receive your personal data, which was provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided.
Automated processing: The personal data collected by MySaff is not subject to decision solely on the basis of an automated processing, which includes profiling, which would give rise to legal consequences for the data subjects.
Employees: If you are an employee with an employer which uses our product and you have received a registration in our program then your personal data is processed by us where your data has been provided by your employer. Your employer has a full access to your personal data. In such case you have all the rights listed herein and they should be clarified to you by your employer.
Retention period: The personal data you have entered to have an account created is stored by us for the period of our contractual relationship and until the end of the calendar year following the year when our contractual relationship has been terminated. All other personal data we collect is stored until the end of the calendar year following the year when it was collected.
Transfer to third parties
We may also transfer your personal data to our third party service providers, who may be located in a country or area outside the area of the European Economic Area (EEA). In particular, we will ensure that all transfers will be in accordance with requirements under your applicable local data protection laws by putting in place appropriate safeguards.
Whenever we shares personal data originating in the EEA with a third party which are outside of the EEA, we will do so on the basis of EU standard contractual clauses or any other safeguards provided for in the GDPR.
DPO: MyStaff, in accordance with the requirements of GDPR has appointed a Data Protection Officer (DPO). For any questions and comments pertaining to our policies and your rights you can contact our DPO Mr. Petar Petrov at email@example.com .
On the grounds of art. 27 GDPR MyStaff has appointed a representative on the territory of the European Union.
The contact details of our EU representative are as follows:
Petrov Law Co.
38 Aleksander Stamboliiski bul., floor 1, office 2
In the case of a dispute pertaining to the personal data processing, your rights, our policies on personal data processing, we will provide full cooperation for its voluntary resolving including through mutual concessions. In case the dispute cannot be resolved voluntarily then it shall be referred to the court having subject matter jurisdiction at the seat of the appointed representative of MyStaf on the territory of the EU. The material law at the seat of the appointed representative of MyStaf on the territory of the EU shall be applicable.