Timemocha

Privacy Policy

TimeMocha Privacy Policy

Last updated: 23th January2024

TimeMocha ("TimeMocha") provides this Privacy Policy to inform you of our policies and procedures regarding the collection, use and disclosure of information through https://timemocha.ddns.net(the "Site"), and any other websites, features, applications, widgets or online services that are owned or controlled by TimeMocha and that post a link to this Privacy Policy (together with the Site, the "Service"), as well as any information TimeMocha collects offline in connection with the Service. It also describes the choices available to you regarding the use of, your access to, and how to update and correct your personal information. Note that we combine the information we collect from you from the Site, through the Service generally, or offline.

This Privacy and Personal Data Protection Policy is issued to all our previous clients, existing clients and future prospective clients pursuant to the Personal Data Protection Act 2010 ("the Act") which came into effect on 15th November 2013. During your dealings with us or in past dealings, we will be requesting or would have requested from you information about yourself, your organisation related information which is collected, stored, used and processed from time to time necessary for us to deliver our services to you via our Site, or Site(s).

When your account is provided by an organisation you are affiliated with, such as your work, TimeMocha's processing of your personal data in connection with our products is governed by a contract between TimeMocha and your organisation. If your organisation provides your TimeMocha account, your use of our products is also subject to your organisation's policies, if any. If you have questions about TimeMocha's privacy policies, including any requests to exercise your data protection rights, processing of your personal data in connection with our products provided to your organisation, please contact your organisation's administrator. TimeMocha is not responsible for the privacy or security practices of our customers, which may differ from those set forth in this privacy statement.

1. INFORMATION COLLECTION

Users of the Service may be Client Organisations, Client Staff, Managed Services Staff, Public Users

Information You Provide to Us:

• Personal Information: In the course of using the Service, we may require or otherwise collect information that identifies you as a specific individual and can be used to contact or identify you ("Personal Information"). Examples of Personal Information include your name, email address, company address,and phone number.
• Payment Information: If you use the Service to make or receive payments, we will also collect certain payment information, such as credit card or other financial account information, and billing address.
• Identity Verification: We may collect Personal Information, such as your date of birth or taxpayer identification number, to validate your identity or as may be required by law, such as to complete tax filings. We may request documents to verify this information, such as a copy of your government-issued identification or photo or a billing statement.
• Biometric Identifiers or Service Interaction Information: We may collect Personal Information such as a photograph of your face, a selfie, or data about your interactions with the Service to verify your identity and to detect fraud, identity theft, or other misuse of your account through the use of facial recognition and other technologies. We may request documents to verify this information, such as a copy of your government-issued identification. The biometric identifiers or information collected are used only for identity verification and platform security and use integrity purposes.
• Non-Identifying Information/Usernames: We also may collect other information, such as zip codes, demographic data, information regarding your use of the Service, and general services-related data ("Non-Identifying Information"). We may aggregate information collected from TimeMocha registered and non-registered users ("TimeMocha Users"). In some cases, we may render Personal Information (generally, email address) into a form of Non-Identifying Information referred to in this Privacy Policy as "Hashed Information". This is typically accomplished using a mathematical process (commonly known as a hash function) to convert information into a code. The code does not identify you directly, but it may be used to connect your activity and interests.
• Combination of Personal and Non-Identifying Information: Certain Non-Identifying Information would be considered a part of your Personal Information if it were combined with other identifiers in a way that enables you to be identified (for example, combining information with your name). But the same pieces of information are considered Non-Identifying Information when they are taken alone or combined only with other non-identifying information (for example, your viewing preferences). We may combine your Personal Information with Non-Identifying Information, but TimeMocha will treat the combined information as Personal Information.

You do not have a statutory obligation to provide us with any information, but you may have a contractual obligation to do so, and if we do not receive certain information from you, then we will not be able to provide our Service to you. If you have any questions regarding whether provision of information is mandatory and the consequences for withholding such information, please contact us using the contact information below.

Information Collected Automatically

We and our third-party service providers, including analytics and third-party content providers, may automatically collect certain information from you whenever you access or interact with the Service. This information may include, among other information, the browser and operating system you are using, the URL or advertisement that referred you to the Service, the search terms you entered into a search engine that led you to the Service, areas within the Service that you visited, which links you clicked on, which pages or content you viewed and for how long, other similar information and statistics about your interactions, such as content response times, download errors and length of visits to certain pages and other information commonly shared when browsers communicate with websites. We may combine this automatically collected log information with other information we collect about you. We do this to improve services we offer you, and to improve marketing, analytics, and site functionality.

The information we collect also includes the Internet Protocol ("IP") address or other unique device identifier ("Device Identifier") for any device (computer, mobile phone, tablet, etc.) used to access the Service. A Device Identifier is a number that is automatically assigned or connected to the device you use to access the Service, and our servers identify your device by its Device Identifier. Some mobile service providers may also provide us or our third-party service providers with information regarding the physical location of the device used to access the Service.

TimeMocha and its partners use cookies or similar technologies to analyse trends, administer the website, track users' movement around the websiteand to gather demographic information about our user base as a whole. The technology used to collect information automatically from TimeMocha Users may include the following:

• Cookies: Like many websites, we and our marketing partners, affiliates, analytics, and service providers use "cookies" to collect information. A cookie is a small data file that we transfer to your computer's hard disk for record-keeping purposes. We use both persistent cookies that remain on your computer or similar device (such as to save your registration ID and login password for future logins to the Service and to track your compliance with the TimeMocha Terms of Service) and session ID cookies, which expire at the end of your browser session (for example, to enable certain features of the Service, to better understand how TimeMocha Users interact with the Service and to monitor aggregate usage by TimeMocha Users and web traffic routing on the Service). You can control the use of cookies at the individual browser level, but if you choose to disable cookies, it may limit your use of certain features or functionality of the Service.

In addition, we and our marketing partners, affiliates, analytics, and service providers may use a variety of other technologiesthat collect similar information for security and fraud detection purposes, and we may use third parties to perform these services on our behalf.

User Profiles

Your organisation would have created the basis of your User Profile in order that the Site is able to provide to you the services as contracted by your organisation. This profile will include the necessary human resources related data, which you may or may not be able to edit depending on your organisation's contract with us. This user profile also includes your username ("Profile"). The information in your Profile is not generally visible to other TimeMocha Users and will only be selectively made available as necessary to provide the services that we are contracted to do.

2. USE OF INFORMATION

WE USE INFORMATION WE COLLECT:

• To provide and improve the Service, complete your transactions, address your inquiries, process your registration, verify the information you provide is valid, and for compliance and internal business purposes.

• To contact you with administrative communications and TimeMocha newsletters, marketing or promotional materials (on behalf of TimeMocha or third parties) and other information that may be of interest to you.
• To tailor content we display to you and offers we may present to you, both on the Service and elsewhere online.
• To enforce and comply with the law, including to conduct an investigation, to protect the property and rights of TimeMocha or a third party, to protect the safety of the public or any person, or to prevent or stop activity we may consider to be, or to pose a risk of being, illegal, fraudulent, unethical or legally actionable activity. We may also use Device Identifiers to identify TimeMocha Users.

• For the purposes disclosed at the time you provide your information, with your consent, and as further described in this Privacy Policy.

We use your Personal Information for the purposes described above:

• To Honour Our Contractual Commitments to You or your Organisation. Much of our processing of Personal Information is to meet our contractual obligations to our investors, or to take steps at Users' request in anticipation of entering into a contract with them.
• For Our Legitimate Interests. In many cases, we handle Personal Information on the grounds that it furthers our legitimate interests in commercial activities, such as the following, in ways that are not overridden by the interests or fundamental rights and freedoms of the affected individuals:
• Providing our Site and Service.
• Detecting security incidents, protecting against malicious, deceptive, fraudulent or illegal activity, and prosecuting those responsible for that activity.
• Measuring interest and engagement in our Services.
• Improving, upgrading, or enhancing our Services.
• Developing new products and services.
• Ensuring internal quality control and safety.
• Authenticating and verifying individual identities.
• Debugging to identify and repair errors with our Services.
• Auditing relating to interactions, transactions and other compliance activities.
• Enforcing our agreements and policies.
• Analysing and improving our business.
• Communications, including marketing and responding to your enquiries about our services.
• Addressing information security needs and protecting our Users, TimeMocha, and others.
• Managing legal issues. To Comply with Legal Obligations. We need to use and disclose Personal Information in certain ways to comply with our legal obligations.

3. DATA RETENTION

Unless you request that we delete certain information, we retain government-issued identification documents you submit to verify your identity, selfies you may submit to verify your identity, a copy of the headshot image from your identity document, and other information we collect for the length of time as agreed with your Organisation. Your information may persist in copies made for backup and business continuity purposes for additional time. If you choose to provide us with additional Personal Information, we encourage you to routinely update the data to ensure that we have accurate and up-to-date information about you.

4. INFORMATION SHARING AND DISCLOSURE

We may share aggregated Non-Identifying Information and we may otherwise disclose Non-Identifying Information (including, without limitation, Hashed Information) to third-parties. We do not share your Personal Information with third-parties for those third-parties' additional services purposes unless we first provide you with the opportunity to opt-in to or opt-out of such sharing. We may also share the information we have collected about you, including Personal Information, as disclosed at the time you provide your information, with your consent, as otherwise described in this Privacy Policy, or in the following circumstances:

• Service Providers: We may employ third-party companies and individuals to facilitate our Service, to provide the Service on our behalf, to perform Service-related services (e.g., without limitation, maintenance services, database management, web analytics and online advertising, payment processing, fraud detection and improvement of TimeMocha's features) or to assist us in analysing how our Service is used. These third parties may have access to your Personal Information in order to perform these tasks on our behalf.

• What Happens If You Agree to Receive Information from Third-Parties or Request that We Share Your Information: You may be presented with an opportunity to receive information and/or marketing offers from one or more third parties. If you agree at that time to have your Personal Information shared, your Personal Information will be disclosed to that third-party (or parties) and will be subject to the privacy policy and practices of that third-party. We are not responsible for the privacy policies and practices of third-parties, and, if you later decide that you no longer want to receive communications from a third-party, you will need to contact that third-party directly.
• Legal and Investigative Purposes: TimeMocha will share information with government agencies as required by law in response to lawful requests by public authorities, including to meet national security or law enforcement requirements and, including without limitation, in connection with reporting earnings. We cooperate with government and law enforcement officials and private parties to enforce and comply with the law. We will disclose information about you to government or law enforcement officials or private parties as we, in our sole discretion, believe necessary or appropriate to respond to claims and legal process (including but not limited to subpoenas), or, at the request of governmental authorities or other third parties conducting an investigation where we determine in our sole discretion the disclosure is necessary to (a) protect the property and rights of TimeMocha or a third party, (b) protect the safety of the public or any person, or (c) prevent or stop activity we may consider to be, or pose a risk of being, illegal, fraudulent, unethical or legally actionable activity.

5. THIRD PARTY ANALYTICS PROVIDERS, AD SERVERS AND SIMILAR THIRD PARTIES

TimeMocha may in the future work with network advertisers, ad agencies, analytics service providers and other vendors to provide us with information regarding traffic on the Service, including pages viewed and the actions taken when visiting the Service; to serve our advertisements on other websites, within mobile apps and elsewhere online; and to provide us with information regarding the use of the Service and the effectiveness of our advertisements. Our service providers may collect certain information about your visits to and activity on the Service as well as other websites or services, they may set and access their own tracking technologies on your device and may use that information to show you targeted advertisements. We may share certain Non-Identifying Information with these parties, including Hashed Information, in connection with the services they provide to us.

6. THIRD-PARTY SITES

The Web may contain links to third-party web sites ("Third-Party Sites") and third-party content ("Third-Party Content") as a service to those interested in this information. You may use the links to Third-Party Sites, and any Third-Party Content therein, at your own risk. We do not monitor or have any control over, and make no claim or representation regarding, Third-Party Content or Third-Party Sites. We provide these links only as a convenience, and a link to a Third-Party Site or Third-Party Content does not imply our endorsement, adoption or sponsorship of, or affiliation with, such Third-Party Site or Third-Party Content.

7. YOUR CHOICES AND RIGHTS

Communication Preferences.

• Registered TimeMocha Users may update their choices regarding the types of communications you receive from us through your online account.
• You may opt-out of receiving marketing emails from us by following the opt-out instructions provided in those emails. Please note that we reserve the right to send you certain communications relating to your account or use of the Service (for example, administrative and service announcements) via email and other means and these transactional account messages may be unaffected if you opt-out from receiving marketing communications.
• Registered TimeMocha Users who access the Service by using certain desktop browsers may, with permission, receive push notifications. Notification preferences can be modified in the settings menu for the applicable browser.

Data Subject Rights.

In accordance with applicable law, you may have the right to:

• Access Personal Information about you, including: (i) confirming whether we are processing your personal information; (ii) obtaining access to or a copy of your personal information.
• Request Correction of your personal information where it is inaccurate, incomplete or outdated. In some cases, you can update your personal information within your TimeMocha account. Some of these information may not be updated without consent of your employer Organisation, which we advise accordingly upon request. On rare occasions, we may at our discretion allow for the corrections.
• Request Deletion, Anonymization or Blocking of your personal information when processing is based on your consent or when processing is unnecessary, excessive or noncompliant. Note that we can only perform these requests with consent of your employer Organisation, or on rare occasions, at our discretion.
• Request Restriction of or Object to our processing of your personal information when processing is noncompliant. Note that we can only perform these requests with consent of your employer Organisation, or on rare occasions, at our discretion.
• Withdraw your Consent to our processing of your personal information. If you refrain from providing personal information or withdraw your consent to processing, some features of our Service may not be available. Note that we can only perform these requests with consent of your Organisation, or on rare occasions, at our discretion.
• Be informed about third-parties with which your personal information has been shared.
• Request the review of decisions taken exclusively based on automated processing if that could affect data subject rights.

We will use commercially reasonable efforts to honour your requests for deletion; however, certain information will actively persist on the Service even if you close your account. In addition, the rights described above may be limited, for example, if fulfilling your request would reveal personal information about another person, or if you ask us to delete information, we are required by law to keep or have compelling legitimate interests in keeping (such as for fraud prevention purposes and our contractual obligations with your employer Organisation). Your Personal Information may remain in our archives and information you update or delete, or information within a closed account, may persist internally for our administrative purposes, to the extent permitted by law. In addition, we typically will not remove information you posted publicly through or on the Service. Bear in mind that neither you nor TimeMocha can delete all copies of information that has been previously shared with others on the Service.

8. INTERNATIONAL TRANSFERS OF PERSONAL DATA

Your Personal Data may be transferred from country, state and city ("Home Country") in which you are present while using our Services to another country, state and city ("Alternate Country").

When we transfer your Personal Data from your Home Country to the Alternate Country, we will comply with our legal and regulatory obligations in relation to your Personal Data, including having a lawful basis for transferring Personal Data and putting appropriate safeguards in place to ensure an adequate level of protection for the Personal Data. We will also ensure that the recipient in Alternate Country is obliged to protect your Personal Data at a standard of protection comparable to the protection under applicable laws.

Our lawful basis will be either consent (i.e. we may ask for your consent to transfer your Personal Data from your Home Country to the Alternate Country at the time you provide your Personal Data) or one of the safeguards permissible by laws.

9. SECURITY

TimeMocha takes commercially reasonable steps to help protect and secure the information it collects and stores about TimeMocha Users. All access to the Site is encrypted using industry-standard transport layer security technology ("TLS"). When you enter sensitive information (such as tax identification number), we encrypt the transmission of that information using secure socket layer technology ("SSL"). We also use HTTP strict transport security to add an additional layer of protection for our TimeMocha Users. But remember that no method of transmission over the Internet, or method of electronic storage, is 100% secure. Thus, while we strive to protect your Personal Information, TimeMocha cannot ensure and does not warrant the security of any information you transmit to us.

10. PHISHING

Phishing websites imitate legitimate websites in order to obtain personal or financial information. Identity theft and the practice currently known as "phishing" are of great concern to TimeMocha. In addition, if you believe you have received an email or had a similar interaction with a third party pretending to be TimeMocha, please report it to support@commonarcs.com.

11. CHANGES TO THIS POLICY

TimeMocha may update this Privacy Policy at any time and any changes will be effective upon posting. In the event that there are substantial changes to the way we treat your Personal Information, we will display a notice through the Services prior to the change becoming effective. We may also notify you by email, at our discretion. However, we will use your Personal Information in a manner consistent with the Privacy Policy in effect at the time you submitted the information, unless you consent to the new or revised policy.

12. CONTACTING US

If you have any queries about this Policy or would like to exercise your rights set out in this Policy, please contact our Data Protection Officer at support@commonarcs.com.

The original of this Policy is written in the English language. In the event of any conflict between the English and other language versions, the English version shall prevail.