In this policy we are the data controller, and when we say "we", “us”, “our”, we mean Timetastic Ltd. Company no. 09236149 .
Legal basis for processing personal data
We collect and process personal data so we can provide you with Timetastic, in line with our Terms of service .
We also collect and use personal data for our legitimate business interests. That is, so can run the day-to-day business of Timetastic – things like accounting, marketing, legal, security, fraud prevention, product updates and improvements.
And we also collect and use personal data where we need to comply with legal obligations.
What personal data do we collect?
When you visit our website or use Timetastic we collect different kinds of personal data, we’ve grouped them together as:
Identity Data: such as your first and last name.
Contact Data: such as your address, email address and phone numbers.
Financial Data: things like payment card, and details of the payments you make to us.
Technical Data: such as internet protocol (IP) address, device, operating system, browser type and version.
Profile Data: such as your Timetastic marketing, email, and display preferences, and any feedback or survey responses.
Usage Data: such as the pages you visit, the functions you use, dates and times, page response times, errors, duration of visit.
Location Data : we use an IP lookup service so that we can show pricing in the appropriate currency.
Aggregated Data: We also collect and use statistical data. When data is aggregated and anonymised it can’t reveal anyone's identity so it’s not considered personal data. For example, we’ll aggregate usage data to look at the proportion of people that use certain features
How do we collect personal data?
Most of the personal information we collect is provided by you, when you sign up to Timetastic, fill in forms or talk to us by email.
Technical, usage and location data are provided by your browser or collected automatically when you use Timetastic or browse our website.
We use Google APIs when you use your Google account to sign in to Timetastic.
Our use and transfer to any other app of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements.
What we collect and how we use it:
When you sign up to a Timetastic
We ask for your identity and contact details so that we can create an account in your name. Typically this is your full name, the company you work for and your email address. We also use this data to personalise your account and send you emails, updates, and other essential information to help you use Timetastic.
When you pay for Timetastic
We ask for your financial and contact data so we can take your monthly payment, calculate VAT, and send you a corresponding invoice. Typically this is your credit card details, address, and VAT number.
Your full card details are captured by our payment provider, Stripe , they don’t go through our servers. The details we store are the last 4 digits of your card number, expiry date, and name. This is so we can show you which card you pay with, and send you a reminder when your card is about to expire.
When you use Timetastic
Your browser automatically shares certain technical information such as which operating system and browser you’re using. We also capture usage information such as which pages you visit, your preferences, and what functions you use. This data helps us understand how Timetastic is used, to feed into our design process, and to send you relevant onboarding emails, product updates, tips, and guides. We’ll sometimes use this information to help answer your support questions and diagnose problems.
When you browse our Website
We collect statistics on the use of our website, all the data is anonymised. The only personal data we collect is which website referred you to Timetastic, which page you landed on first, and when. We use this data for conversion rate analysis, to help us understand the effectiveness of our marketing efforts.
When you contact support
When you email us for support we capture your identity and contact details such as your name, email address, and of course anything you tell us in the message. We only use that information to answer your support request.
We capture technical data when you fill in the support form on our website or in the mobile app. It tells us which version of Timetastic, what device, browser, and operating system you're using, so that we can respond to your question more accurately, or diagnose any issue you’re highlighting.
When you arrange a demo
When you book a demo with us we collect your identity, contact information, and profile data. Your identity and contact information are used to send you an email confirmation and link so you can join the demo.
When you book we ask some questions to help us understand how you currently manage time off work. Your answers help us prepare for the session.
Through a 3rd party supplier
To help us validate and obtain complete and accurate data records we might also obtain data from 3rd party suppliers.
Sharing your personal data
We may share your details internally within the Citation Group to improve the service offering and range of services we provide, for the good administration and control of the business, marketing, analysis, reporting and account management purposes. Our group companies are data controllers in their own right.
To run the back office of Timetastic we use some third party software providers, you can view an up to date list of these company processors. We also use professional advisors such as accountants and lawyers, and we deal with tax authorities and regulators.
When we share personal data with any third party processor it’s either anonymised or encrypted. And we have contracts and data processing agreements in place so that they’ll only use your personal data in line with our instructions.
We’ll also share personal data if it’s to comply with our legal obligations or to protect our rights or intellectual property.
We do occasionally use and share aggregated, anonymised data in the normal course of operating our business e.g. to show trends or benchmark the general use of Timetastic, but none of this contains personally identifiable information.
Because Timetastic can be accessed anywhere in the world, and we use 3rd party vendors in different countries around the world, your data will inevitably be transferred to, and processed outside of your country of residence, where data protection rules are different. This includes transfers of data to countries outside the European Economic Area (EEA), Switzerland or the UK.
Your personal data will only be transferred to a country that the European Commission or the UK Data Commissioner has determined provides an adequate level of protection or, where the 3rd party vendor is bound by standard contractual clauses according to conditions provided by the European Commission.
Protecting your data
You’ll create your own password to sign into Timetastic. Please choose a strong password , it’s your responsibility to keep it safe and confidential, do not share it with anyone else.
All data is encrypted via SSL/TLS when it’s moving between our servers and your browser.
We also limit access to your personal data to those people who ‘need to know’. All of our employees and suppliers are subject to confidentiality and can only process data on our instruction.
In the unlikely event of a personal data breach we have a data breach policy to follow and will notify you and any regulators in line with our legal requirements.
How long do we keep personal data?
To work out how long we keep different categories of data, we consider why we hold it, how sensitive it is, how long the law says we need to keep it for, and what the risks are.
We keep most of your data for as long as you’re using Timetastic - when you cancel your account, your data is deleted.
If there’s no payment or activity on a Timetastic account for 18 months, we consider that dormant and will delete the account and all its data, just as if you’d canceled.
After your account is closed the only personal data we retain is for accounting and legal purposes, which we’re required to keep for 6 years. In some circumstances, like complaints and litigation, we’re allowed to retain your personal data for longer.
When you contact us for support, that conversation is retained for 12 months. We have a background process that automatically deletes conversations when they hit 12 months old.
You have the right under data protection law to:
- Access the personal data we hold on you
- Rectify inaccurate data
- Erase/ delete your personal data.
- Restrict the processing of your personal data.
- Get a copy of your personal data in a structured, commonly used machine readable format.
Most of these rights can be exercised by signing into your Timetastic account and updating your information and preferences, or taking a backup.
If there’s something you can’t do in Timetastic, or you need assistance exercising these rights, please contact our support team. To discuss personal data we might need proof of identity, it’s purely for security, so that we know we’re dealing with the correct person.
We send onboarding emails, product updates, tips, and guides. We also like to keep you informed of other products or services that are available to you from the Citation Group, by email or phone. We don’t want to blanket send these to everyone or send anything irrelevant to you. So we use your Identity, contact, technical, usage and profile data to form a view on what’s appropriate to send.
You can opt out any time by clicking the “unsubscribe” link at the bottom of any marketing email, or from your preferences in Timetastic itself. You’ll still receive transactional emails from Timetastic, and for billing and any support questions.
Links to other websites
We do link to other websites, particularly in the blog. If you follow any of these links, bear in mind they’ll have their own privacy policies different from ours. It’s your responsibility to check these policies and make sure you’re in agreement with them.
Age of users
Timetastic and our website isn’t intended for use by people under the age of 16.
Feedback and complaints
Please contact us directly if you have any concerns about our use of personal data. If you’re unhappy with our response you can escalate to your local data protection supervisory authority.
The Information Commissioner’s Office , or
For EU residents submit a request to our EU Data Representative Adam Brogdan .
Changes and questions