Support Contact sales Login
Contact sales Login

Privacy Policy

Overview

At TIMETICK, we believe everyone has the right to Privacy and should be able to exercise fine-grained control over how an organization uses their personal information. To this end, TIMETICK aspires to meet the requirements of the various privacy legislation that applies to our global customer and employee base and extend a common set of rights that exceeds these requirements to everyone who interfaces with TIMETICK.

This document describes how we do this and how users of TIMETICK products and services can exercise those rights.

Scope

This policy applies to the entire TIMETICK organization, including its products and services. There are no exceptions.

‘TIMETICK’ refers to the legal entity, TIMETICK Inc, headquartered at 4850 Hollywood Blvd Unit 203, Los Angeles, CA 90027, USA. ‘Products and services’ are defined as any application developed by TIMETICK for our customers or any physical hardware products shipped by TIMETICK that connect to these services.

TIMETICK’s Role

Depending on the nature of the relationship between an individual and TIMETICK, TIMETICK’s classification in regards to its role in data privacy can change, and this can alter how TIMETICK responds to requests for information. It does not, however, alter our commitment to safeguarding personal information that we’ve been entrusted with during the course of business.

TIMETICK as a data collector

If TIMETICK collects personally identifiable information from you directly, for example, if you register for an account on TIMETICK, our relationship with you is as a data collector.

  • Under the EU General Data Protection Regulation (GDPR) this classification is known as a data controller.

TIMETICK as a data processor

TIMETICK can also serve as a third-party data processor. This situation occurs when an entity leverages TIMETICK’s products and services to deliver its own product or service to its customers.

  • Under the EU General Data Protection Regulation (GDPR) this classification is known as a data processor.
  • Under the California Consumer Privacy Act (CCPA) this classification is known as a service provider.

What does this mean?

Any individual can make a request to TIMETICK directly regarding privacy of personally identifiable information (as described in this policy), but it is important to remember TIMETICK will always respond to such requests in its capacity as a data collector. For various legal, contractual and technical reasons, TIMETICK cannot respond directly to individuals with regards to personally identifiable information collected in its role as a data processor. Instead, TIMETICK works with our enterprise customers to align with their own privacy programs and practices, and establishes mechanisms for timely response to such requests.

So in summary, if you have a third party relationship with TIMETICK through another business, you should make your personally identifiable information privacy request through that business’s published channels. Behind the scenes TIMETICK will be working with them to ensure we do our part to provide relevant information.

Legal basis for collection of personally identifiable information

TIMETICK collects personally identifiable information only where it has a legal basis to do so. Typically, this is because you’ve expressed an interest in, or decided to purchase a TIMETICK product or service, and therefore we need to ship it to you, provide support, perform other general e-commerce functions, send you registration information, and other service provider functions. TIMETICK will not intentionally gather information from children under the age of 13.

Types of personally identifiable information collected

TIMETICK may collect the following types of personally identifiable information:

  • General personal information, such as full name, email address, mailing and billing addresses.
  • Technical identifiers, such as usernames, device IDs, SIM card ID and IP address.
  • Geolocation information, such as GPS coordinates.
  • Browser identifiers, such as user agent strings.

How TIMETICK collects personally identifiable information

There are three ways in which TIMETICK may collect personally identifiable information:

  • Directly, and voluntarily, from you as a consumer of our products and services – through our websites and stores.
  • Directly, and autonomously, from your browser or device through visits to TIMETICK websites or while using TIMETICK applications.
  • Indirectly, through third party entities, who provide data to TIMETICK during the course of normal business operations. This typically means TIMETICK enterprise customers, but could also include service providers with which TIMETICK has contracted to deliver a specific function, for example, a payment service provider.

How TIMETICK uses personally identifiable information

There are two ways in which TIMETICK uses information collected

  • To provide the service or product that you have signed up for. By sending you important information about your account, and performing billing functions.
  • To provide additional information about TIMETICK services, events, new and upcoming products that may be of interest to you.

In both cases listed above, the information is used directly by TIMETICK, and not accessible to any third parties.

Disclosure of personal information

TIMETICK does not ‘sell’ personally identifiable data for direct financial benefit. TIMETICK may share personally identifiable information with its chosen service providers in support of its principal business operations, but all such relationships are governed by contractual agreements with those service providers and are routinely vetted to ensure they meet our strict security and privacy requirements.

In relation to TIMETICK’s role as a data processor, TIMETICK will receive and process data on behalf of our customers, before passing the data back to them. TIMETICK stores only the minimum amount of data required to deliver the service reliably, such as device identifiers and IP addresses, and does not make a habit of storing more data than is absolutely necessary.

Our subprocessors

NameAddressProcessing Purpose
Amazon Web Services, Inc.410 Terry Avenue North, Seattle, WA 98109, United StatesHosting infrastructure
Stripe, Inc.354 Oyster Point Blvd South San Francisco, CA 94080Payment processing
Google, LLC (Google Workspace + Google Analytics)1600 Amphitheatre Parkway, Mountain View, CA 94043, United StatesCorporate email hosting, website analytics, google maps api
HubSpot Inc2 Canal Park, Cambridge, MA 02141Customer relationship management

Marketing automation

Responding to legal requests for information

TIMETICK may disclose personally identifiable information as is necessary:

  • To comply with a subpoena or court order.
  • Cooperate with law enforcement or other government agencies.
  • Establish or exercise our legal rights.
  • Protect the property or safety of our company and employees, contractors, vendors, suppliers, and customers.
  • Defend against legal claims.
  • Help with internal and external investigations.

Security of Personally Identifiable Information
TIMETICK is committed to ensuring the security of all data collected, including personally identifiable information (PII). Our dedicated information security team implements appropriate safeguards and controls to protect data throughout its lifecycle. The security team plays a key role in TIMETICK’s operations, including the development of hardware and software products, establishing company-wide policies, and conducting operational security monitoring.

Encrypted Communication: All data collected via our websites is transmitted using Transport Layer Security (TLS) encryption. Communication between hardware devices and our cloud platform is encrypted in transit using modern, strong cryptographic ciphers.

Secure Hosting: The TIMETICK Device Cloud is hosted on leading Infrastructure-as-a-Service platforms known for their robust security practices and regularly assessed to align with industry best practices.

Payment Security: Payment card data is processed exclusively by a third-party provider audited against the Payment Card Industry Data Security Standard (PCI-DSS).

Storage and Transfer of Personally Identifiable Information
All personally identifiable information collected by TIMETICK is processed and stored in the United States.

Retention of information

Generally speaking, the data collected by TIMETICK when delivering its services exchanged in real time. The TIMETICK platform is primarily a conduit for passing that information between TIMETICK hardware and TIMETICK customers. Therefore, by design, there isn’t a great deal of ‘retention’ that happens intrinsically.

Retention of certain financial and transactional records associated with TIMETICK generally happens for financial reporting reasons, or to allow us to identify the owner of a given device to provide support. In these cases, such records are retained for 7 years.

Your rights in regards to personally identifiable information

TIMETICK extends a common set of rights to everyone in regards to how we leverage personally identifiable information. These rights are as follows:

  • Right to access – you can request a copy of your personally identifiable information held by TIMETICK. Upon appropriately validating your identity, TIMETICK will submit a copy, in a legible format, of all personally identifiable data collected in the preceding 12 month period within 30 days of receiving the request.
  • Right to rectification – in addition to being able to update your TIMETICK user account directly, you can make a written request to TIMETICK to update personally identifiable information held about you.
  • Right to erasure (or right to be forgotten) – you can request that TIMETICK erase (‘delete’) personally identifiable elements of data from our systems, and we will do so with consideration for any overriding local, state or federal laws. The most likely outcome of this right is to no longer receive TIMETICK marketing materials. TIMETICK does retain the right to remember that we’ve been asked to forget you.
  • Right to restrict processing – You have the right to request that TIMETICK restrict the processing of your personally identifiable information, under certain conditions.
  • Right to object to processing – You have the right to object to TIMETICK processing your information, under certain conditions.
  • Right to data portability – you have the right to request that TIMETICK transfer your data directly to you, or to another entity. TIMETICK will do so providing we can do so securely.

Making a privacy request

In order to make a request to exercise any of the rights listed above, you must contact TIMETICK’s privacy team via email to privacy@timetick.io.

TIMETICK will respond to any privacy requests received here within 30 calendar days. TIMETICK will not disclose, update, or otherwise alter personally identifiable information, unless it can satisfactorily authenticate and identify the subject making the request.

Contacting TIMETICK’s Data Privacy Officer

Please use the following to contact TIMETICK’s Data Privacy Officer (DPO) directly:

By email: privacy@timetick.io.

By mail: Privacy Officer, TIMETICK, 4850 Hollywood Blvd Unit 203, Los Angeles, CA 90027, USA.

Notice regarding use of Cookies

TIMETICK, like many other organizations, will store session information (often called “Cookies”) in your browser that will help TIMETICK to identify information such as browsing activity, IP addresses and page view order. You do have the option to not use these Cookies; the majority of browsers will have a “help” tool that will help you to prevent Cookies if you want to, but TIMETICK recommends you keep Cookies active as it will provide a better user experience on TIMETICK’s Websites.

Notice to European Union Residents

TIMETICK operates in accordance with the General Data Protection Regulation (GDPR), and as such, this privacy policy has been designed to incorporate the specific requirements laid out within the GDPR.

We’re committed to protecting the rights of EU residents who leverage the TIMETICK platform, and encourage EU residents to contact us to exercise those rights using the mechanism described in the ‘making a privacy request’ section above.

Participation in EU-U.S. and Swiss-U.S. Data Privacy Frameworks

TIMETICK complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. TIMETICK has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF. TIMETICK has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) Program, and to view our certification, please visit https://www.dataprivacyframework.gov/

EU/UK Standard Contractual Clauses

In response to the Schrems II case, which invalidated the EU-US Data Privacy Framework from a legal perspective, TIMETICK leverages the Standard Contractual Clauses to provide assurance of protection to data transferred from the EEA to TIMETICK in the United States.

The 2021 Standard Contractual Clauses, approved by the European Commission in decision 2021/914, will apply to data transfers from the European Economic Area to TIMETICK. They will apply in the following manner:

Module One (Controller to Controller) will apply where Customer is a controller of customer data and TIMETICK is a controller of customer data – for example, geo-location data.

Module Two (Controller to Processor) will apply where Customer is a controller of customer data and TIMETICK is a processor of customer data.

Module Three (Processor to Processor) will apply where Customer is a processor of customer data and TIMETICK is a sub-processor of customer data.

To the extent there is any conflict between the Standard Contractual Clauses and any other terms in this policy, the provisions of the Standard Contractual Clauses will prevail.

Transfer to the United States of European Personal Data

Information submitted to TIMETICK by users of our service is stored on servers located in the United States, and may be transferred by us to third parties who may also be situated in the United States. The United States does not have similar data protection laws to the European Union, and you should be aware in particular that the law and practice in the United States in respect of law enforcement authority access to data is significantly different from Europe. Where we transfer your information we will take all reasonable steps to ensure that your privacy rights continue to be protected consistent with our obligations under local law and the Data Privacy Framework (DPF). By submitting information to TIMETICK, you agree to this storing, processing and/or transfer.

Accountability for onward transfers

TIMETICK is responsible for the processing of Personal Data it receives, under the Data Privacy Framework (DPF)/Standard Contractual Clauses, and subsequently transfers to a third party acting as an agent on its behalf. TIMETICK complies with the EU Standard Contractual Clauses applicable to all onward transfers of Personal Data from the EU, UK and Switzerland, including the onward transfer liability provisions.

Enforcement

With respect to Personal Data received or transferred pursuant to the Data Privacy Framework (DPF), TIMETICK is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission (FTC). In certain situations, we may be required to disclose Personal Data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

Resolution of Data Privacy Framework Related Queries and Complaint Mechanism

In compliance with the EU-U.S. DPF and the Swiss-U.S. DPF, TIMETICK commits to resolve any complaints about the collection, or use of personal data. EU residents with inquiries or complaints regarding our Data Privacy Framework policy should contact TIMETICK’s privacy officer, via email to privacy@timetick.io, or via mail to: Privacy Officer, TIMETICK, 4850 Hollywood Blvd Unit 203, Los Angeles, CA 90027, USA.

If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) using this form: https://www.verasafe.com/privacy-services/dispute-resolution/submit-dispute/. As further explained in the Data Privacy Framework Principles, a binding arbitration option also be made available to you in order to address residual complaints not resolved by any other means.

Notice to California Residents

TIMETICK operates in accordance with the California Consumer Privacy Act (CCPA), and as such, this policy has been designed to incorporate the specific requirements laid out within the CCPA.

We’re committed to protecting the rights of California residents who leverage the TIMETICK platform, and encourage California residents to contact us to exercise those rights using the mechanism described in the ‘making a privacy request’ section above.

TIMETICK will not discriminate against individuals who exercise their rights under the CCPA.

Categories of personal information collected

TIMETICK collects the following categories of information, as defined under the CCPA:

  • Identifiers
  • Commercial Information
  • Geolocation data
  • Inferences about personal preferences and attributes drawn from profiling

Do not sell my information

Since TIMETICK is not involved in the sale of personal information to third parties for financial gain, we do not maintain a separate opt-out page, in accordance with the CCPA.

Authorized Agents

A California customer may use an authorized agent to make a CCPA privacy request on the customer’s behalf. To make a request on behalf of a TIMETICK customer, the authorized agent must first provide a copy of either (a) a letter signed by the customer authorizing the agent to submit a CCPA request on their behalf, or (b) a valid power of attorney issued pursuant to California Probate Code sections 4000 to 4465. An authorized agent must email one of these documents to privacy@timetick.io and include a phone number where the agent may be reached during regular business hours.

Information disclosed for business purposes

Over the preceding 12 months, TIMETICK has disclosed personally identifiable information to its service providers to support the following business activities:

  • Auditing
    • Advertising analytics
    • Auditing legal and regulatory compliance
    • Security
  • Debugging
    • Identifying and fixing technical errors
  • Short-term uses
    • Contextual ad customization that does not involve or contribute to profiling
    • Performing services
  • Account maintenance
    • Customer service
    • Processing transactions
    • Marketing

Notice to TIMETICK Employees and Contractors

TIMETICK maintains an internally accessible addendum to this policy that includes specific provisions regarding additional data that is collected during the course of employment at TIMETICK.

Updates to this policy

TIMETICK may update this privacy policy from time to time and is committed to ensuring the latest version of it is publicly available. Please refer to the ‘last updated’ date at the beginning of this policy.