Privacy Policy

§ 1. Introduction

We make the security and protection of your data a priority, whether it is your personal data, data relating to your company or any information regarding you as an employee of your company.

The following explanation will provide you with an overview of the protection and usage of your data. This applies to those processes where we operate as the data controller, deciding what happens with your data.

Usage of our software applications are governed by our General Terms and Conditions and Data Processing Agreement. For matters relating to the software applications, the data controller is your employer. If you would like more information about how your data is used and protected when using our software application, please visit the Data Protection and Security section of our website.

Under no circumstances will your personal data be sold, leased or released in any other commercial manner.

Please note that we cannot guarantee the availability of and are not responsible for the content of external websites.

§ 2. Definitions

"Controller" as per Art 4. (7) GDPR for the Website https://www.timetac.com is the company TimeTac GmbH.

"TimeTac GmbH", "we", "us" and "our" refer to the company of TimeTac GmbH, registered at the following address:
Schmiedgasse 31, 8010 Graz, Austria.

"Customer" refers to an individual and their organisation which are currently users of the TimeTac application.

"Visitors" refer to the users of our website, to whom this Privacy Policy applies. We may refer to visitors herein with "you" and "your".

"Software" refers to our web application provided under the sub-domain of go.timetac.com.

"Service" refers to the products that we offer, including additional performance activities in marketing, sales, support and development.

"Website" refers to the address of https://www.timetac.com and its sub-pages.

§ 3. How we collect and use your data

We process your data solely on the basis of the legal provisions [Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), Austrian Data Protection Act 2018 as amended by the Austrian Data Protection Deregulation Act (DSG 2018), Austrian Telecommunications Act 2021 (TKG 2021)].

§ 3.1. Information we collect when you visit our Website ("Usage Data")

When you view our website, we collect and log certain events in our server access and error logs. This usually includes a description of an interaction, such as a failed attempt to access a certain page, and is attributed to your IP address. This data is collected by the internal logging systems on our web server.

Additionally, when you visit our Website, we process information about your interactions with our Website. The purpose of this data collection is to gain an understanding of our visitors and how they behave on our Website. This gives us useful insights, ranging from what content appears to be read most frequently, to which menu options are clicked. By collecting this information, we can continually work to improve our Website content and optimise our user experience for our Visitors.

The legal basis for this processing is our legitimate interest to prevent malicious attacks on our servers and to understand how visitors interact with our website, to then offer the best content and user experience possible.

The data we collect includes:

  • Online identifiers, including IP address and cookie identifiers
  • Screen resolution
  • Device type, such as desktop or smartphone
  • Geographic location, obtained from the IP address
  • Language preference
  • Mouse events, such as movements and clicks on navigation links
  • Pages visited and time spent on each page
  • Events, tracking what we determine to be Key Performance Indicators (KPIs), such as signing up for a trial account of our software

This data is collected by our internal logging systems, as well as Google Analytics (See section § 4.). Internal access and error log records are deleted after 1 month. Analytics data stored by Google Analytics are deleted after 26 months.

§ 3.2. Information we collect when you sign up for a free trial account of our software application ("Interest data")

When you sign up for a trial account of our software application on our Website, we process information to maintain a record of those Visitors that became customers of our software. This is an essential process in beginning a business relationship with our Visitors. This information is collected during your visit to our Website as well as information you directly provide us with via the trial account sign up form.

This data includes:

  • Name
  • Company name
  • E-Mail address
  • Pages visited
  • Language preference
  • Product interests
  • Time zone

This information is stored in our Customer Relationship Management (CRM) application (See § 4.). The legal basis for this is our legitimate interest to maintain records of who we maintain business relationships with.

We will also use this data for generating your desired trial account. The usage of the software application found on go.timetac.com is governed by our General Terms and Conditions and Data Processing Agreement.

We may also use your information for direct marketing purposes, such as informing you via e-mail of product updates or services that may compliment your chosen solutions. We may contact you via e-mail or telephone as part of our service to further discuss your requirements in our advertised solutions and optimally setup your account during your trial phase.

The legal basis for this is your consent to these Privacy Policy terms when signing up for a trial account of our software.

If you are not a customer of TimeTac and there has been no further interaction between our parties, then we will delete this interest data after 2 years. This time frame allows us to match any interactions or communication between our parties to your account record.

§ 3.3. Information we collect when you contact us via our contact form, e-mail or telephone ("Enquiry data")

When you contact us via a contact form on our website, via e-mail or via telephone, we will process information you provide us for the purpose of providing services to you and contacting you regarding your enquiry, whether this be answering initial enquiries regarding our software or providing after-sales support.

The legal basis for this processing is our legitimate interest to provide you with the service you expect after such an enquiry.

This enquiry data is managed within our CRM and Support Ticketing system. If you are not a customer of TimeTac and there has been no further interaction between our parties, then we will delete this Enquiry data after 2 years. This time frame allows us to trace any previous enquiries you have made, should your interest in our application arise once again.

§ 3.4. Information we collect when you sign up for a webinar ("Webinar data")

When you sign up for a webinar in which we remotely present the features of the software to the viewers, we will process your information for providing you access to the webinar, for maintaining a record of webinar attendees and for analytical purposes, to see which webinars were most successful.

This data is recorded within our CRM application and transactional e-mail application.

We may also use your information for direct marketing purposes, such as informing you via e-mail of product updates or services that may compliment your chosen solutions.

The legal basis for this is your consent to these Privacy Policy terms when signing up for a free webinar.

If you are not a customer of TimeTac and there has been no further interaction between our parties, then we will delete this Webinar data after 2 years. This time frame allows us to trace any previous interest you have shown in our application, should your interest in our application arise once again.

§ 3.5. Miscellaneous

In addition to those purposes listed above, we may also process any data collected from you or provided by you when required to comply with a legal obligation to which we are subject, to protect your vital interests or to protect the vital interests of another person. We may also disclose your information where disclosure is necessary for the establishment, exercise or defence of legal claims.

We may share your data with any current or future member group of our company, including subsidiaries and holding companies insofar as necessary to for the purposes within this policy.

§ 4. Services and providers that we use

In order to provide the best solutions and services possible, we need to rely on partners that can offer their specialised skills to assist with our business operations. The following are our partners which help us with our operations, and which services they provide us with:

  • Host Europe GmbH, Hansestr. 111, 51149 Cologne, Germany
    • Website Hosting
  • Zoho Corporation B. V., Hoogoorddreef 15, 1101BA Amsterdam, Netherlands
    • CRM, Ticketing System
  • Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
    • Advertising, Website Analytics, Website Optimisation
  • Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland
    • Advertising
  • Usercentrics A/S, Havnegade 39, 1058 Kopenhagen, Denmark
    • Cookie-Settings
  • Mailjet SAS, 4 rue Jules Lefebvre, 75009 Paris, France
    • Transactional Emails
  • Onlyfy by New Work SE, Am Strandkai 1, 20457 Hamburg, Germany
    • Jobportal

§ 4.1. Google Analytics

This website uses Google Analytics, a web analytics tool offered by Google Ireland Limited. The data collected about your usage of this website (§ 3.1.) is attributed to a unique identification number stored in a cookie, known as a Client ID. On every website where Google Analytics collects data about visitors, a new, unique identifier is created. This allows for analysis of such things as the number of pages a visitor viewed, or whether a visitor returns to you website later. Your identity is not associated with this Client ID.

The IP anonymisation feature of Google Analytics is active for this Website. Your IP address is visible to every website you visit, but this anonymisation feature results in your IP address being truncated before being stored on Google servers. Truncating your IP address allows us and Google to gain an insight as to where you are visiting from (usually city and country), but does not allow a more precise identification of your location.

For a greater insight as to how Google uses your data, see their explanation on how Google uses data when you use partners' sites. If you are interested in the steps Google take to safeguard your data, then you can find further information in their security and privacy principles.

The legal basis for this is your consent to the use of "Statistics" cookies. Cookie preferences can be controlled at the bottom of every page via the "Cookie Settings" link.

§ 4.2. Google Optimize

We use Google Optimize, a service which combines with our usage of Google Analytics, both from Google Ireland Limited. While Google Analytics allows us to analyse user experiences with our Website, Google Optimize allows us to test different versions of our Website against each other to see if we can improve our user experience. This is often referred to as A/B testing.

The data collected is within the same scope of Google Analytics when you visit our website (See § 3.1 and § 4.1).

The legal basis for this is your consent to the use of "Statistics" cookies. Cookie preferences can be controlled at the bottom of every page via the "Cookie Settings" link.

§ 4.3. Google Ads

We use the Google Ads online advertising program, offered by Google Ireland Limited, to serve text and visual advertisements of our products and services. We utilise the conversion tracking feature of Ads. If you click on a search or display advertisement of Google, cookies for conversion tracking will be set on your computer. These cookie do not serve to personally identify an individual and are automatically deleted after 30 days.

The information stored within the conversion tracking cookies serves to provide reporting features to customers of Google Ads. We receive information regarding the number of Website visitors which clicked on a particular advertisement and resulted in a conversion on our Website. These conversions are KPIs from our perspective, such as signing up for a free trial account of our application. This conversion data allows us to analyse the effectiveness of our adverts and provide more appealing content.

Please refer to Google’s guide on conversion tracking for further information.

The legal basis for this is your consent to the use of "Statistics" cookies. Cookie preferences can be controlled at the bottom of every page via the "Cookie Settings" link.

§ 4.4. Google Remarketing

We use the remarketing functionality of Google Ireland Limited on this website. This is to be considered an Advertising Feature of Google Ads (See section § 4.3.). Remarketing allows us to show personalised, interest appropriate display advertisements to the visitors of our website if they subsequently visit another website within the Google Display Network or Google Search Network. If you visit our website, a cookie for the purpose of remarketing is set on your device. These cookies do not serve to personally identify an individual and are automatically deleted after 30 days. We receive anonymised data regarding website usage, which are used as a basis for the creation of interest focused display advertisements. Advertisements will be displayed if you visit another site within the Google Display Network or Google Search Network. These advertisements will have a high probability of displaying appropriate information or products relating to previously visited websites, such as ours.

You can opt-out of such Google Analytics Advertising Features by editing your Ad Settings directly with Google.

The legal basis for this is your consent to the use of "Statistics" cookies. Cookie preferences can be controlled at the bottom of every page via the "Cookie Settings" link.

§ 4.5. Zoho

As every business does, we need a record of our customers so we can maintain effective communication. We utilise the CRM and Support Ticketing solutions from Zoho Corporation B. V.. The data stored here is related to your free trial account of our software, any communication with our organisation and registration for webinars (See § 3.2., § 3.3. and § 3.4.).

If you additionally visited our Website through the Google Ads online advertising program (See § 4.3), we will send the Google Click ID (GCLID) to Zoho. This allows us to see the success of advertising campaigns that converted to customers. The legal basis for this is your consent to the use of "Advertising" cookies. Cookie preferences can be controlled at the bottom of every page via the "Cookie Settings" link.

The legal basis for this is your consent to the use of "Marketing" cookies. Cookie preferences can be controlled at the bottom of every page via the "Cookie Settings" link.

§ 4.6. YouTube

We host videos relating to our products and services with the renowned media streaming platform YouTube. We use the privacy-enhanced mode for these embedded videos. Privacy-enhanced mode allows us to embed YouTube videos without cookies being set to track viewing behaviour. This means that viewing activity isn't collected to personalise the viewing experience. Instead, video recommendations are contextual and related to the currently played video. Videos playing in a privacy-enhanced mode embedded player won't influence your browsing experience on YouTube. If you decide to watch one of these videos, then you are doing so in connection with the Privacy Policy from YouTube: https://policies.google.com/privacy

§ 4.7. Bing Ads

We use the Microsoft Ads online advertising program, offered by Microsoft Corporation, to serve text and visual advertisements of our products and services. We utilise the conversion tracking feature of Ads. If you click on a search advertisement of Bing, cookies for conversion tracking will be set on your computer. These cookies do not serve to personally identify an individual and are automatically deleted after 30 days.

The information stored within the conversion tracking cookies serves to provide reporting features to customers of Bing Ads. We receive information regarding the number of Website visitors which clicked on a particular advertisement and resulted in a conversion on our Website. These conversions are KPIs from our perspective, such as signing up for a free trial account of our application. This conversion data allows us to analyse the effectiveness of our adverts and provide more appealing content.

Please refer to Microsoft’s guide on conversion tracking for further information.

Third-party cookies can usually be managed by the tools provided by those parties. Some of such tools are available here: NAI consumer opt-out or the DAA opt-out page. These resources are also available under "Your Choices" in the Microsoft Online Advertising Privacy Statement.

The legal basis for this is your consent to the use of "Statistics" cookies. Cookie preferences can be controlled at the bottom of every page via the "Cookie Settings" link.

§ 4.8. LinkedIn Campaigns

We use the LinkedIn Campaigns advertising program, offered by LinkedIn Ireland Unlimited Company, to serve text and visual advertisements of our products and services. We utilise the conversion tracking feature of LinkedIn Campaigns. If you click on an advertisement of LInkedIn, cookies for conversion tracking will be set on your computer. These cookie do not serve to personally identify an individual and are automatically deleted after 30 days.

The information stored within the conversion tracking cookies serves to provide reporting features to customers of LinkedIn Campaigns. We receive information regarding the number of Website visitors which clicked on a particular advertisement and resulted in a conversion on our Website. These conversions are KPIs from our perspective, such as signing up for a free trial account of our application. This conversion data allows us to analyse the effectiveness of our adverts and provide more appealing content.

We use the retargeting functionality of LinkedIn Unlimited Company on this website. Remarketing allows us to show personalised, interest appropriate display advertisements. If you visit our website, a cookie for the purpose of remarketing is set on your device. These cookies do not serve to personally identify an individual and are automatically deleted after 30 days.

Further information can be found here: https://www.linkedin.com/legal/privacy-policy

The legal basis for this is your consent to the use of “Statistics” cookies. Cookie preferences can be controlled at the bottom of every page via the “Cookie Settings” link.

§ 4.9. Vimeo

We use Vimeo, provided by Vimeo.com, Inc.; 330 West 34th Street, 5th Floor; New York, New York 10001, USA, to embed videos on our website to show video content.

Further information about data protection at Vimeo can be found here: https://vimeo.com/privacy

The legal basis for this is your consent to the use of “Statistics” cookies. Cookie preferences can be controlled at the bottom of every page via the “Cookie Settings” link. Furthermore, the transfer of personal data is secured by Standard Contractual Clauses.

§ 4.10. Hotjar

We use Hotjar, provided by Hotjar Ltd., Dragonara Business Centre, 5th Floor, Dragonara Road, Paceville St Julian's STJ 3141, Malta, to collect usage data in order to improve our website. Hotjar helps us in analyzing which parts of our website are most often used and clicked.

Further information regarding data protection at Hotjar can be found here: https://www.hotjar.com/legal/policies/privacy/

The legal basis for this is your consent to the use of “Statistics” cookies. Cookie preferences can be controlled at the bottom of every page via the “Cookie Settings” link.

§ 4.11. Leadrebel

We use Leadrebel, provided by Pulserio AG, Wassergrabe 3, 6210 Sursee, Switzerland, to optimize our sales process.

Further information regarding data protection and Leadrebel can be found here: https://leadrebel.io/privacy/

The legal basis for this is your consent to the use of “Marketing” cookies. Cookie preferences can be controlled at the bottom of every page via the “Cookie Settings” link.

§ 4.12. Capterra

We use Capterra, provided by Capterra, Inc., 1201 Wilson Blvd, 9th Floor, Arlington, VA 22209, USA to analyse conversions on our website.

Further information regarding Data Protection at Capterra can be found here: https://www.capterra.com/legal/privacy-policy/

The legal basis for this is your consent to the use of “Marketing” cookies. Cookie preferences can be controlled at the bottom of every page via the “Cookie Settings” link. Furthermore, the transfer of personal data is secured by Standard Contractual Clauses.

§ 4.13. Google ReCaptcha

We use ReCaptcha, provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, in order to protect our website against spam attacks. Google ReCaptcha provides the possibility to check wheather a bot or a human stands behind some action on our website (e.g. in the contact form). This way we can make sure to be protected against spam flooding.

Further information about Data Protection at Google can be found here: https://policies.google.com/privacy

The legal basis for this is your consent to the use of “Marketing” cookies. Cookie preferences can be controlled at the bottom of every page via the “Cookie Settings” link. Furthermore, the transfer of personal data is secured by Standard Contractual Clauses.

§ 5. Cookies

§ 5.1. What are cookies?

When you visit a website, small bits of data are stored in files on your computer. These are cookies. Cookies usually contain a unique identification number which is stored on your computer and used by your browser when you use a website.

Cookies have various important use cases, but you would probably consider the vast majority of data attributed to a cookie as insignificant, such as your screen resolution and operating system.

Cookies usually do not contain information which you would deem important or sensitive, such as contact information or credit card details. However, even though the unique identification number in a cookie can be up to 128 random letters and numbers, this is still an identification number which is unique to you until it expires. As a result, it’s important that we look after it and tell you what cookies we use.

§ 5.2. Cookies that we use

§ 6. Your data

§ 6.1. How you can access your data

You are legally entitled to know which personal data we process relating to you. This could include any CRM records from trial accounts you created or support tickets you raised with us. You can make a request for such data via e-mail to dataprotection@timetac.com

In such requests, please inform us of:

  • Your full name and contact e-mail address
  • A description of the data you are requesting
  • Any additional identifiers we can use to find your data
  • A copy of a current and valid photographic ID, such as a passport

From the date that all of the above information is received, we will endeavour to process your request as soon as possible. Please note that such requests may take up to the statutory 30 day time limit for processing.

§ 6.2. Your rights regarding your data

As a Visitor of our Website, you have the following rights:

  • Right of access (Art 15 GDPR): You have the right to ask TimeTac GmbH for confirmation of your personal information being processed. In addition, you have the right to further information about the specific processing purposes, categories of personal data, recipients or categories of recipients of personal data, retention period, the existence of a right to deletion or correction of your personal data or restriction of processing and the right to object processing, the existence of the right to complain and all available information about the origin of your data.
  • Right to rectification (Art 16 GDPR): You have the right to request that TimeTac GmbH correct your personal information without delay. This right includes the correction of incorrect data and the completion of incomplete personal data.
  • Right to erasure (Art 17 GDPR): You have the right to demand the deletion of your personal data from TimeTac GmbH immediately, provided that the reasons stated in Art 17 (1)(a) to (f) GDPR and the processing of your personal data is not is required.
  • Right to restriction of processing (Art 18 GDPR): In the cases mentioned in Art. 18 GDPR (e.g. incorrectness of the processed personal data, unlawfulness of the processing, etc.), you also have the right to demand TimeTac GmbH to restrict processing.
  • Right to data portability (Art 20 GDPR): You have the right to receive the personal data relating to you provided to TimeTac GmbH in a structured, common format and to require TimeTac GmbH to assign that data to another person (e.g. another provider of market proven and fully customizable solutions for employee time tracking, project time tracking, leave management and shift planning).
  • Right to object (Art 21 GDPR): You have the right to object at any time to the processing of your personal data processed through this website.
  • Revocation of consent (Art 7 GDPR): You have the possibility to revoke any consent given to TimeTac GmbH at any time.
  • Right to complain: in addition, you can at any time make a complaint to the competent Data Protection Authority: In Austria, this would be the "Österreichische Datenschutzbehörde", Barichgasse 40-42, 1030 Wien, dsb@dsb.gv.at, dsb@dsb.gv.at

With the exception of the right to complain to the Austrian Data Protection Authority, you can assert your data subject rights directly to TimeTac GmbH at the following address:

TimeTac GmbH, Schmiedgasse 31, 8010 Graz, Austria

datenschutz@timetac.com

§ 7. Changes

We may change this Privacy Policy from time to time. The effective date is listed at the bottom of this policy. All updates and amendments are effective immediately upon notice, which we may give by any means, including posting a revised version of this Privacy Policy or other notice on the Website. We encourage you to review this Privacy Policy often to stay informed of changes that may affect you. The version on this page as of the given date is deemed to be the true, complete, valid, authentic, and enforceable copy of the Privacy Policy at the time of visit or usage. Historic versions of the Privacy Policy can be requested via e-mail from dataprotection@timetac.com.

§ 8. Questions

Your trust is important to us. We are happy to answer any questions you may have regarding the usage of your personal data. If you have any questions which this Privacy Policy did not cover, then please feel free to get in contact with us.

§ 9. Contact

Our up-to-date contact details can be found at: https://www.timetac.com/en/contact/

Our Data Protection Officer is:
Name: Mag. Philipp Reinisch, LL.M.
E-Mail: dataprotection@timetac.com

---

Effective date: 2nd March 2023