Security and Data Protection with TimeTac
The responsibility for looking after the data that our users generate is great, and that’s why we want to tell you what we do to protect that data. It is in everyone’s best interest that we do the most we can to ensure your information is safe, secure and protected.
The below sections will provide a better insight into the security and data protection practices at TimeTac.
Having experienced quite some other T&A tools, TimeTac is the most flexible and customized to our needs. The service is extraordinarily fast and uncomplicated. The use of the tool from admin and user view is very convenient and straightforward. We are absolutely satisfied and highly recommend TimeTac!
Merita Uka, HR, Samsung Electronics Switzerland GmbH
Data Center Security
We store your TimeTac data in data centers in Germany. Everybody knows that when it comes to data protection, Germany has been ahead of the rest for many years due to stricter data protection laws. We’ve followed these laws from neighbouring Germany since our beginning due to our loyal customer base there.
The necessary security measures are also in place there, which is the least you would expect when physically protecting what’s important to you. Physical access controls, electronic system access controls, fire detection, backup power generators and security patrols are amongst those measures to be found.
Our 2 data centres in Germany operate independently from one another, so in the incredibly unlikely event that one is not available, a backup of your account will be readily available to minimise disruption to your working day.
Security practices are present from the beginning. Whether that is the implementation of password policies or Single-Sign-On, we ensure that only the authorised user has access to that TimeTac account.
Personal data used within TimeTac is also kept to a minimum. Through various pseudonymisation techniques, we prevent the transit of personal data for unnecessary purposes.
When you provide us with your data, we also make sure that data is transmitted to us securely., via an SSL connection. When that data reaches our servers, the encryption at rest ensures that anyone without the necessary privileges to access that data cannot get their hands on it.
Protection of data doesn’t start and end with machines, but it also applies to the people behind those machines and the people who interact with you.
Employees only have access to the data they need for their job. Training schemes ensure data protection is understood within the company. Confidentiality agreements ensure that your data is handled with secrecy. Policies and employees are periodically reviewed to make sure everything and everyone is kept up to date with the latest standards.
Time management for Vier Pfoten was ensuring we adhered to the different regulations in the 11 countries where our 350 employees are based. TimeTac offers customised solutions which met all of our requirements, including mobile time tracking, detailed statistics and approval workflows for the management.
Josef Pfabigan, Vier Pfoten International
Frequently Asked Questions
Would you like to know more about what we do? Have a look at some of our commonly received questions below.
Naturally with any application you use to access the internet, a certain amount of personal data is processed. Simply providing a username or an e-mail address to access a service is considered to be processing personal data.
When using TimeTac, customers can provide additional data, such as the name of a user, to make the interaction with the application more personal. The exact personal data processed is governed by our Data Processing Agreement.
Data is stored for as long as it is needed by our customers. Our customer acts as the controller and must decide for what legal basis they process the data, including how long this should be retained for.
As regulations regarding the retention of records differ greatly from country to country, it would be unwise for us to state when data should be deleted. If a customer decides that data for a specific period is no longer needed, then this can be made known via e-mail to firstname.lastname@example.org.
Our Data Processing Agreement governs how long TimeTac keep data during and after the agreement for providing our services.
The Controller of the data processing is the owner of data within TimeTac. This Controller is our customer. We provide services to our customers where we process the data on their behalf in the form of our application. As a result, we are the processor in this business relationship.
The General Data Protection Regulation (GDPR) is a regulation from the European Union introducing unified rules for how data belonging to EU citizens is processed.
TimeTac have taken the necessary steps to comply with the General Data Protection Regulation. This includes the appropriate measures we take to protect data in technical and organisational means, as well as the documentation necessary to prove that we do this.
We also provide assistance to our customers when they execute their rights under the GDPR, such as the right to access what information we process about them.
The obligations of our customer and of us as a Processor are detailed within our Data Processing Agreement.
Yes. This agreement is the basis for processing of data between a controller (our customer) and a processor (TimeTac GmbH). You can find the latest version directly within your TimeTac account, by navigating to “Settings”, then “Account Management” and selecting the “Policies and Documents” tab.
If you would like to preview the document, you can do so here: https://www.timetac.com/en/company/data-processing-agreement/
Your TimeTac data is stored in Germany, in 2 data centers provided by Hetzner Online GmbH.
We do all we can to ensure your data is secure. Sending and receiving data to and from TimeTac can only occur via a secure connection. This data is also encrypted when it is stored on a hard drive. We don’t transfer data unnecessarily within the application. We also put numerous measures in place with regards to the best technical and organisational practices.
Yes. We encrypt your data at storage, as well as when you send that data to us via means of a secure connection.
If you have any questions regarding data protection in your company’s TimeTac account, then you should contact your account administrator within your organisation. If there are any questions which directly involve TimeTac as a processor, then feel free to get in touch via email@example.com.