Privacy Policy & Privacy Notice

(hereinafter “Privacy Notice“)

I. Introduction

1. This Privacy Notice is given pursuant to the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the Protection of natural persons with regard to the processing of Personal Data an on the free movement of such date, and repealing Directive 95/46/EC (GDPR). The purpose of the Privacy Notice is to share basic principles of the Personal Data processing with the participating data subjects (data subjects).

2. For the purpose of this Privacy Notice:

a) Controller: Time is Ltd. s.r.o. Kafkova 346/14, 160 00 Praha 6, IC: 054 46 872, DIC: CZ05446872, e-mail: info@timeisltd.com , hereinafter as“Time is Ltd”.

b) Customer or you: any client of the Controller that starts using the Product.

c) Processors:

Our main subcontractors used for creation and implementation (but not the operation) of our Product – Time Analytics Platform (the “ Product”) that may become Personal Data processors in some cases are:

  • Microsoft Ireland Operations Limited, 70 Sir Rogerson's Quay, Dublin 2, Ireland
  • Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA Google Privacy Policy

The Controller and processors are required to provide technical, physical, organisational and procedural safeguards in compliance with industry standards to prevent unauthorised access to, breach of confidentiality, breach of security, loss, unauthorised destruction or alteration of the processed Personal Data (“security incident”), all in accordance with the Controller’s instructions and internal policies and the applicable data protection laws.

The Time is Ltd as a Data Controller hereby informs about manner and scope of the Personal Data processing performed by it. This Privacy Notice also contains the information on the data subject’s rights related to the Personal Data processing.

Analytics

The services contained in this section enable the Time is Ltd to monitor and analyze web traffic and can be used to keep track of the data subject behavior.

Google Analytics (Google Inc.)

Google Analytics is a web analysis service provided by Google Inc. (“Google”). Google utilizes the data collected to track and examine the use of the Website/products/services, to prepare reports on its activities and share them with other Google services.

Google may use the data collected to contextualize and personalize the ads of its own advertising network.

Personal Data collected: Cookies and Usage Data.

Place of processing: US – Privacy Policy – Opt Out

3. This document governs the processing of Personal Data only for the purpose of the performance of the contract on service provision between Time is Limited and the customer, the subject matter of which is the creation and implementation (not the operation) of the Time Analytics Platform (the Product) on SaaS basis (cloud) (the “ Services”). While supporting you in the operating of the Product, Time is Ltd acts as a processor of any data subjects’ Personal Data as per the customer’s instruction. Any processing or disclosure of Personal Data takes place without consent and includes:

  • Provision of Services as defined in the contract between Time is Ltd. and its customers (mid-to-enterprise corporations);
  • compliance with the Controller’s legal obligations arising under the above contractual commitment [1];

In the interest of guaranteeing the strongest possible protection for the privacy of data subjects, every data subject has the right to raise an objection requiring that his or her Personal Data be processed solely for the most essential of legal reasons, or for these data to be blocked. For more about the data subject’s rights related to the processing of Personal Data, please refer to Section 8 of this Notice.

Personal Data will be processed electronically but not in an automized manner.

The customers are hereby informed that Personal Data being stored and filed with Google LLC. Time is Ltd uses a following service [Google Drive], which are compliant with European standards of the Personal Data protection.

4. The Controller may have acquired Personal Data directly from data subjects or from its customers, particularly because the customers provided the Controller with credentials to access your calendar system for implementation or management purposes, or because the customers are using the Time is Ltd Product solution for their business purposes.

5. Personal data categories

(a) basic identification data – name, surname, address of residence and national personal ID number;

(b) contact information – telephone number and e-mail address;

(e) invoicing and transaction data – this primarily means information that appears on invoices, about invoicing conditions agreed upon and about accepted payments;

(f) Personal data of your employees;

(g) Personal data of your customers, suppliers, and trading partners.

6. The recipients of the Personal Data

Your Personal Data will be accessible to the above-mentioned Controller(s) and Personal Data processors, as well as to the authorized employees and representatives of Time is Ltd and, for the purpose of performing a contract, also to subcontractors who are obliged to act in accordance with the GDPR.

7. Processing period for the Personal Data

Your (and the data subjects) Personal Data will be processed as long as it is necessary for the above-mentioned purposes (i.e. for the duration of the contract or as long as the Controller’s legal obligation exists, i.e. for 10 years after the expiration of the contract).

After this period expires, all data will be irreversibly destroyed. The Controller will retain Personal Data to the extent necessary to demonstrate its compliance with the applicable legislation.

8. The rights of data subjects

The Controller takes all steps needed to ensure that the processing of your data is performed properly and above all securely. You are guaranteed the rights described in this article, which you can exercise towards the Controller.

The Controller will provide all communications and statements concerning the rights you exercise free of charge. If, however, your request should show itself to be manifestly unfounded or excessive, in particular due to its being a repeated request, the Controller may charge a reasonable fee based on administrative costs connected with the provision of the information. In the case of repeated application of a request for the provision of a copy of the Personal Data being processed, the Controller reserves the right to charge a reasonable fee for administrative costs for this reason.

The Controller will generally provide you with the statement and any eventual information on measures accepted as soon as possible, but within one month at the latest. However, the Controller is entitled to extend this deadline by two months when needed and with a view to the complexity and quantity of your requests. The Controller will inform you of this extension, including a listing of the reasons for it.

The right to information on the processing of your Personal Data

You are entitled to request from the Controller information on whether or not your Personal Data is being processed. If your Personal Data is being processed, you have the right to request from the Controller information on, in particular, the Controller’s identity and contact information and their representatives and employees responsible for Personal Data protection, on the purposes of the processing, on the categories of the processed Personal Data, on the recipients or categories of recipients of Personal Data, on the authorized Controllers, on the list of your rights, on your options for turning to the Czech Office for Personal Data Protection, on the source of the processed Personal Data and on automated decision-making and profiling.

If the Controller intends to process your Personal Data for a purpose other than that for which it was acquired, the Controller will provide you with information on this further purpose and other relevant information before such further processing. Information offered to you in the framework of the exercise of this right is contained in this Privacy Notice; this does not, however, prevent you from requesting it again.

The right to access your Personal Data

You are entitled to request from the Controller information on whether or not your Personal Data is being processed, and, if it is being processed, you have access to information on the purposes of this processing and the categories of Personal Data in question, on the data’s recipients or categories of recipients, its retention period, information on your rights (the right to request from the Controller a rectification or erasure; restriction of processing; the right to raise an objection to this processing), on the right to lodge a complaint to the Czech Office for Personal Data Protection, information on the source of the Personal Data, information on whether or not automated decision-making and profiling is taking place and information concerning the procedure used, as well as the significance and expected consequences of such processing for you, and information and guarantees in the case of the transfer of Personal Data to a third country or international organization. You have the right to be provided with a copy of the processed Personal Data. However, your right to acquire this copy may not adversely affect other persons’ rights and freedoms.

The right to rectification

If, on your part, there has been for example a change of residence, telephone number or other fact that can be considered Personal Data, you have the right to request from the Controller a rectification of your Personal Data. You further have the right to have incomplete Personal Data completed, including by means of providing a supplementary statement.

The right to erasure (the right to be forgotten)

In certain specifically defined cases, you have the right to request that the Controller erase your Personal Data. These cases include for example the case where the processed data is no longer needed for the purposes listed above. The Personal Data Controller deletes data after the expiration of its period of necessity automatically; however, you can turn to the Controller with your request at any time. Your request is then subject to individual evaluation (even despite your right to erasure, the Controller may have obligations or legitimate interests in retaining your Personal Data), and you will be informed in detail on the handling of your request.

The right to restriction of processing

The Controller processes your Personal Data only to the extent strictly necessary. If, however, you should feel that the Controller e.g. is acting beyond the above-defined purposes for which the Personal Data are processed, you can submit a request for your Personal Data to be processed solely for the most essential of legal reasons, or for these data to be blocked. Your request is then subject to individual evaluation, and you will be informed in detail on the handing of your request.

The right to data portability

If you wish for the Controller to provide your Personal Data to another Controller, or to another company, the Controller will transmit the data in an appropriate format to the entity that you define, if no legal or other significant barriers prevent the Controller from doing so.

The right to object and automated individual decision-making

If you have determined, or believe, that the Controller is processing your Personal Data in conflict with the protection of your privacy and personal life or in conflict with legislation (upon the assumption that your Personal Data is processed by the Controller on the basis of a public or legitimate interest or is processed for the purposes of direct marketing, including profiling, or for statistical purposes or purposes of scientific or historical interest), you can turn to the Controller and request that they provide an explanation or you can also raise an objection directly towards automated decision-making and profiling itself.

The right to lodge a complaint to the Czech Office for Personal Data Protection

At any time, you can turn to the supervisory authority with any initiative or complaint you may have concerning Personal Data processing; the Czech Office for Personal Data Protection is this authority, and it has its headquarters at Pplk. Sochora 27, 170 00 Prague 7, Czech Republic, and its website at https://www.uoou.cz/.

All of these rights may be exercised via email at the address: info@timeisltd.comor via a letter sent to Time is Ltd. s.r.o., at the address Kafkova 346/14, 160 00 Prague, Czech Republic.

You have the right to turn to the department responsible for Personal Data protection within Time is Ltd by writing to cyril@timeisltd.com and, likewise, the right to submit a complaint to the relevant supervisory authority (the Czech Office for Personal Data Protection).

9. All rights and duties arising from and related to the processing of the Personal Data are governed by the Czech law, regardless from where the access thereto was made. Any dispute will be resolved by the courts in the Czech Republic having jurisdiction in accordance with the Time is Ltd registered address.

10. The data subject provide his/her Personal Data via email, calendar invite or through the customer or opts-in for marketing campaigns for the purpose of the agreement conclusion or thereby gives his/her consent with his/her Personal Data processing, whereas such consent is given by the data subject free will, on his/her own behalf and the Time is Ltd does not in any manner influence such consent.

11. This Privacy Notice can be changed by the Time is Ltd at any time. The Time is Ltd will inform the data subject(s) via the Website at least 30 days in advance.

12. This Privacy Notice becomes effective as of 1 July 2018.



[1] The processing is necessary for the performance of a contract, for compliance with a legal obligation of the Controller, to protect the Controller’s legitimate interests or the processing is based on consent given to the Controller.

The lawfulness of the processing is also based, for example, on Act No. 563/1991 Coll., on accounting, according to which billing data are processed and stored, according to Act No. 89/2012 Coll., the Civil Code, according to which the Controller defends its legitimate interests or by Act No. 235/2004 Coll., on value added tax.