§ 1. Introduction
We make the security and protection of your data a priority, whether it is your personal data, data relating to your company or any information regarding you as an employee of your company.
The following explanation will provide you with an overview of the protection and usage of your data. This applies to those processes where we operate as the data controller, deciding what happens with your data.
If you would like more information about how your data is used and protected when using our software application, please visit the Data Protection and Security section of our website.
Under no circumstances will your personal data be sold, leased or released in any other commercial manner.
Please note that we cannot guarantee the availability of and are not responsible for the content of external websites.
§ 2. Definitions
“Controller” as per Art 4. (7) GDPR for the Website https://www.timetac.com is the company TimeTac GmbH.
“TimeTac GmbH”, “we”, “us” and “our” refer to the company of TimeTac GmbH, registered at the following address:
Am Eisernen Tor 1, 8010 Graz, Austria.
“Customer” refers to an individual and their organisation which are currently users of the TimeTac application.
“Software” refers to our web application provided under the sub-domain of go.timetac.com.
“Service” refers to the products that we offer, including additional performance activities in marketing, sales, support and development.
“Website” refers to the address of https://www.timetac.com and its sub-pages.
§ 3. How we collect and use your data
We process your data solely on the basis of the legal provisions [Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), Austrian Data Protection Act 2018 as amended by the Austrian Data Protection Deregulation Act (DSG 2018), Austrian Telecommunications Act 2003 (TKG 2003)].
§ 3.1. Information we collect when you visit our Website (“Usage Data”)
When you view our website, we collect and log certain events in our server access and error logs. This usually includes a description of an interaction, such as a failed attempt to access a certain page, and is attributed to your IP address. This data is collected by the internal logging systems on our web server.
Additionally, when you visit our Website, we process information about your interactions with our Website. The purpose of this data collection is to gain an understanding of our visitors and how they behave on our Website. This gives us useful insights, ranging from what content appears to be read most frequently, to which menu options are clicked. By collecting this information, we can continually work to improve our Website content and optimise our user experience for our Visitors.
The legal basis for this processing is our legitimate interest to prevent malicious attacks on our servers and to understand how visitors interact with our website, to then offer the best content and user experience possible.
The data we collect includes:
- Online identifiers, including IP address and cookie identifiers
- Screen resolution
- Device type, such as desktop or smartphone
- Geographic location, obtained from the IP address
- Language preference
- Mouse events, such as movements and clicks on navigation links
- Pages visited and time spent on each page
- Events, tracking what we determine to be Key Performance Indicators (KPIs), such as signing up for a trial account of our software
This data is collected by our internal logging systems, as well as Google Analytics (See section § 4.). Internal access and error log records are deleted after 1 month. Analytics data stored by Google Analytics are deleted after 26 months.
§ 3.2. Information we collect when you sign up for a free trial account of our software application (“Interest data”)
When you sign up for a trial account of our software application on our Website, we process information to maintain a record of those Visitors that became customers of our software. This is an essential process in beginning a business relationship with our Visitors. This information is collected during your visit to our Website as well as information you directly provide us with via the trial account sign up form.
This data includes:
- Company name
- E-Mail address
- Pages visited
- Language preference
- Product interests
- Time zone
This information is stored in our Customer Relationship Management (CRM) application (See § 4.). The legal basis for this is our legitimate interest to maintain records of who we maintain business relationships with.
We will also use this data for generating your desired trial account. The usage of the software application found on go.timetac.com is governed by our General Terms and Conditions and Data Processing Agreement.
We may also use your information for direct marketing purposes, such as informing you via e-mail of product updates or services that may compliment your chosen solutions. We may contact you via e-mail or telephone as part of our service to further discuss your requirements in our advertised solutions and optimally setup your account during your trial phase.
If you are not a customer of TimeTac and there has been no further interaction between our parties, then we will delete this interest data after 2 years. This time frame allows us to match any interactions or communication between our parties to your account record.
§ 3.3. Information we collect when you contact us via our contact form, e-mail or telephone (“Enquiry data”)
When you contact us via a contact form on our website, via e-mail or via telephone, we will process information you provide us for the purpose of providing services to you and contacting you regarding your enquiry, whether this be answering initial enquiries regarding our software or providing after-sales support.
The legal basis for this processing is our legitimate interest to provide you with the service you expect after such an enquiry.
This enquiry data is managed within our CRM and Support Ticketing system. If you are not a customer of TimeTac and there has been no further interaction between our parties, then we will delete this Enquiry data after 2 years. This time frame allows us to trace any previous enquiries you have made, should your interest in our application arise once again.
§ 3.4. Information we collect when you sign up for a webinar (“Webinar data”)
When you sign up for a webinar in which we remotely present the features of the software to the viewers, we will process your information for providing you access to the webinar, for maintaining a record of webinar attendees and for analytical purposes, to see which webinars were most successful.
This data is recorded within our CRM application and transactional e-mail application.
We may also use your information for direct marketing purposes, such as informing you via e-mail of product updates or services that may compliment your chosen solutions.
If you are not a customer of TimeTac and there has been no further interaction between our parties, then we will delete this Webinar data after 2 years. This time frame allows us to trace any previous interest you have shown in our application, should your interest in our application arise once again.
§ 3.5. Miscellaneous
In addition to those purposes listed above, we may also process any data collected from you or provided by you when required to comply with a legal obligation to which we are subject, to protect your vital interests or to protect the vital interests of another person. We may also disclose your information where disclosure is necessary for the establishment, exercise or defence of legal claims.
We may share your data with any current or future member group of our company, including subsidiaries and holding companies insofar as necessary to for the purposes within this policy.
§ 4. Services and providers that we use
In order to provide the best solutions and services possible, we need to rely on partners that can offer their specialised skills to assist with our business operations. The following are our partners which help us with our operations, and which services they provide us with:
- Host Europe GmbH, Hansestr. 111, 51149 Cologne, Germany
- Website Hosting
- Zoho Corporation B. V., Hoogoorddreef 15, 1101BA Amsterdam, Netherlands
- CRM, Ticketing System
- Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
- Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States of America
- Website Analytics, Website Optimisation
- Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland
§ 4.1. Google Analytics
This website uses Google Analytics, a web analytics tool offered by Google LLC. The data collected about your usage of this website (§ 3.1.) is attributed to a unique identification number stored in a cookie, known as a Client ID. On every website where Google Analytics collects data about visitors, a new, unique identifier is created. This allows for analysis of such things as the number of pages a visitor viewed, or whether a visitor returns to you website later. Your identity is not associated with this Client ID.
The IP anonymisation feature of Google Analytics is active for this Website. Your IP address is visible to every website you visit, but this anonymisation feature results in your IP address being truncated before being stored on Google servers. Truncating your IP address allows us and Google to gain an insight as to where you are visiting from (usually city and country), but does not allow a more precise identification of your location.
Google is an internationally renowned service provider which operates from multiple data centers around the world. The aim of these clustered data centers is to improve resilience and redundancy by removing dependencies on individual data centres. It could be that data collected through Google Analytics is stored outside of the European Union. Google LLC employ appropriate safeguards for protecting personal data in the form of the EU-US Privacy Shield, ISO 27001 certification and ISO 27018 certification (Article 46 GDPR).
For a greater insight as to how Google uses your data, see their explanation on how Google uses data when you use partners’ sites. If you are interested in the steps Google take to safeguard your data, then you can find further information in their security and privacy principles.
§ 4.2. Google Optimize
We use Google Optimize, a service which combines with our usage of Google Analytics, both from Google LLC. While Google Analytics allows us to analyse user experiences with our Website, Google Optimize allows us to test different versions of our Website against each other to see if we can improve our user experience. This is often referred to as A/B testing.
The data collected is within the same scope of Google Analytics when you visit our website (See § 3.1 and § 4.1).
§ 4.3. Google Ads
We use the Google Ads online advertising program, offered by Google Ireland Limited, to serve text and visual advertisements of our products and services. We utilise the conversion tracking feature of Ads. If you click on a search or display advertisement of Google, cookies for conversion tracking will be set on your computer. These cookie do not serve to personally identify an individual and are automatically deleted after 30 days.
The information stored within the conversion tracking cookies serves to provide reporting features to customers of Google Ads. We receive information regarding the number of Website visitors which clicked on a particular advertisement and resulted in a conversion on our Website. These conversions are KPIs from our perspective, such as signing up for a free trial account of our application. This conversion data allows us to analyse the effectiveness of our adverts and provide more appealing content.
Please refer to Google’s guide on conversion tracking for further information.
The legal basis for this is your consent to the use of “Advertising” cookies. Cookie preferences can be controlled at the bottom of every page via the “Cookie Settings” link.
§ 4.4. Google Remarketing
We use the remarketing functionality of Google Ireland Limited on this website. This is to be considered an Advertising Feature of Google Ads (See section § 4.3.). Remarketing allows us to show personalised, interest appropriate display advertisements to the visitors of our website if they subsequently visit another website within the Google Display Network or Google Search Network. If you visit our website, a cookie for the purpose of remarketing is set on your device. These cookies do not serve to personally identify an individual and are automatically deleted after 30 days. We receive anonymised data regarding website usage, which are used as a basis for the creation of interest focused display advertisements. Advertisements will be displayed if you visit another site within the Google Display Network or Google Search Network. These advertisements will have a high probability of displaying appropriate information or products relating to previously visited websites, such as ours.
You can opt-out of such Google Analytics Advertising Features by editing your Ad Settings directly with Google.
The legal basis for this is your consent to the use of “Remarketing” cookies. Cookie preferences can be controlled at the bottom of every page via the “Cookie Settings” link.
§ 4.5. Zoho
As every business does, we need a record of our customers so we can maintain effective communication. We utilise the CRM and Support Ticketing solutions from Zoho Corporation B. V.. The data stored here is related to your free trial account of our software, any communication with our organisation and registration for webinars (See § 3.2., § 3.3. and § 3.4.).
If you additionally visited our Website through the Google Ads online advertising program (See § 4.3), we will send the Google Click ID (GCLID) to Zoho. This allows us to see the success of advertising campaigns that converted to customers. The legal basis for this is your consent to the use of “Advertising” cookies. Cookie preferences can be controlled at the bottom of every page via the “Cookie Settings” link.
§ 4.6. Mailjet
Any automated e-mail communication relating to the creation of a free trial account or the registration of a webinar are sent through our transactional e-mail provider, Mailjet SAS.
§ 4.7. YouTube
$ 4.8. Bing Ads
We use the Microsoft Ads online advertising program, offered by Microsoft Corporation, to serve text and visual advertisements of our products and services. We utilise the conversion tracking feature of Ads. If you click on a search advertisement of Bing, cookies for conversion tracking will be set on your computer. These cookies do not serve to personally identify an individual and are automatically deleted after 30 days.
The information stored within the conversion tracking cookies serves to provide reporting features to customers of Bing Ads. We receive information regarding the number of Website visitors which clicked on a particular advertisement and resulted in a conversion on our Website. These conversions are KPIs from our perspective, such as signing up for a free trial account of our application. This conversion data allows us to analyse the effectiveness of our adverts and provide more appealing content.
Please refer to Microsoft’s guide on conversion tracking for further information.
Third-party cookies can usually be managed by the tools provided by those parties. Some of such tools are available here: NAI consumer opt-out or the DAA opt-out page. These resources are also available under “Your Choices” in the Microsoft Online Advertising Privacy Statement.
The legal basis for this is your consent to the use of “Advertising” cookies. Cookie preferences can be controlled at the bottom of every page via the “Cookie Settings” link.
§ 5. Cookies
§ 5.1. What are cookies?
When you visit a website, small bits of data are stored in files on your computer. These are cookies. Cookies usually contain a unique identification number which is stored on your computer and used by your browser when you use a website.
Cookies have various important use cases, but you would probably consider the vast majority of data attributed to a cookie as insignificant, such as your screen resolution and operating system.
Cookies usually do not contain information which you would deem important or sensitive, such as contact information or credit card details. However, even though the unique identification number in a cookie can be up to 128 random letters and numbers, this is still an identification number which is unique to you until it expires. As a result, it’s important that we look after it and tell you what cookies we use.
§ 5.2. Cookies that we use
- First Party Cookies
- Cookie consent and preferences storage
- User journey cookies, including pages visited
- Third Party Cookies
- Cookies set by Google Analytics to identify users and throttle request rate
Advertising and Remarketing
- Cookies set by service providers for the purpose of identifying interactions with adverts
Further information on the cookies set by our service providers can be found on their respective websites:
- Google Analytics, Google Optimize: https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage
- Google Ads, YouTube: https://policies.google.com/technologies/types
- Google Remarketing: https://developers.google.com/analytics/devguides/collection/analyticsjs/display-features
§ 5.3. Managing your cookie preferences
You can use our cookie manager tool to control the cookies which are set by TimeTac. This can be found in the footer of every page on our Website.
For cookies which are not directly set by TimeTac (third-party cookies), you can restrict cookies via your browser settings. Guides for how to do this in the most common browsers can be found here:
- Google Chrome: https://support.google.com/chrome/answer/95647
- Mozilla Firefox: https://support.mozilla.org/kb/cookies-information-websites-store-on-your-computer
- Safari: https://support.apple.com/kb/ph21411
- Microsoft Edge: https://privacy.microsoft.com/windows-10-microsoft-edge-and-privacy
You can prevent the tracking of website usage data (inclusive of IP address) via the cookies set by Google LLC as well as hindering the processing of this data by installing the following browser plugin: https://tools.google.com/dlpage/gaoptout.
Please note that preventing the setting of cookies will severely reduce your browsing experience and the functionality of websites. Preventing the setting of cookies will not remove display advertising from your browsing experience, rather that you will see non-targeted display advertisements which will be more frequently repeated.
§ 6. Your data
§ 6.1. How you can access your data
You are legally entitled to know which personal data we process relating to you. This could include any CRM records from trial accounts you created or support tickets you raised with us. You can make a request for such data via e-mail to firstname.lastname@example.org
In such requests, please inform us of:
- Your full name and contact e-mail address
- A description of the data you are requesting
- Any additional identifiers we can use to find your data
- A copy of a current and valid photographic ID, such as a passport
From the date that all of the above information is received, we will endeavour to process your request as soon as possible. Please note that such requests may take up to the statutory 30 day time limit for processing.
§ 6.2. Your rights regarding your data
As a Visitor of our Website, you have the following rights:
- Right of access (Art 15 GDPR): You have the right to ask TimeTac GmbH for confirmation of your personal information being processed. In addition, you have the right to further information about the specific processing purposes, categories of personal data, recipients or categories of recipients of personal data, retention period, the existence of a right to deletion or correction of your personal data or restriction of processing and the right to object processing, the existence of the right to complain and all available information about the origin of your data.
- Right to rectification (Art 16 GDPR): You have the right to request that TimeTac GmbH correct your personal information without delay. This right includes the correction of incorrect data and the completion of incomplete personal data.
- Right to erasure (Art 17 GDPR): You have the right to demand the deletion of your personal data from TimeTac GmbH immediately, provided that the reasons stated in Art 17 (1)(a) to (f) GDPR and the processing of your personal data is not is required.
- Right to restriction of processing (Art 18 GDPR): In the cases mentioned in Art. 18 GDPR (e.g. incorrectness of the processed personal data, unlawfulness of the processing, etc.), you also have the right to demand TimeTac GmbH to restrict processing.
- Right to data portability (Art 20 GDPR): You have the right to receive the personal data relating to you provided to TimeTac GmbH in a structured, common format and to require TimeTac GmbH to assign that data to another person (e.g. another provider of market proven and fully customizable solutions for employee time tracking, project time tracking, leave management and shift planning).
- Right to object (Art 21 GDPR): You have the right to object at any time to the processing of your personal data processed through this website.
- Revocation of consent (Art 7 GDPR): You have the possibility to revoke any consent given to TimeTac GmbH at any time.
- Right to complain: in addition, you can at any time make a complaint to the Austrian Data Protection Authority:
Telephone: +43 1 521 52-25 69
E Mail: email@example.com
With the exception of the right to complain to the Austrian Data Protection Authority, you can assert your data subject rights directly to TimeTac GmbH at the following address:
Am Eisernen Tor 1
§ 7. Changes
§ 8. Questions
§ 9. Contact
Our up-to-date contact details can be found at: https://www.timetac.com/en/contact/
Our Data Protection Officer is:
Name: Mag. Philipp Reinisch, LL.M.
Effective date: 16th April 2020