Compliance

GDPR

Index

Privacy Statement

1. Introduction

2. EmpMonitor as a Data Processor for Client Data Processing

3. Processing Purposes and Legal Basis

4. Data Collected from EmpMonitor Users

5. Data Collected from Visitors to the EmpMonitor Website

6. Duration of Data Retention

7. Disclosure of Personal Information to Third Parties

8. Rights of the Data Subject

9. Security of Personal Data

10. Privacy Compliance Check

11. Privacy Policy Updates

12. Contact Details

EmpMonitor is dedicated to safeguarding the privacy of its users and ensuring the security of their personal information. In this Privacy Policy, EmpMonitor, also referred to as “we,” “us,” or “our,” together with our affiliates, describes how we process information, including personal data, related to the use of our website, EmpMonitor.com, and the real-time time tracking Service that assesses productivity. This Policy provides detailed information about the type of information we collect, why we collect it, how we use it, and how we handle such information.

By accessing or using our website or any of our Services, you agree to comply with the terms outlined in this Privacy Policy, along with the Cookie Policy, Terms of Service, and other relevant terms and policies displayed on our website. If you do not agree with this Privacy Policy, you must not proceed with the services.

1. Introduction

This Privacy Policy applies to the handling of Personal Data of independent individual users, referred to as “User” or “you,” who use EmpMonitor Service and visitors to EmpMonitor’s website. It also covers the processing of Personal Data by EmpMonitor on behalf of entities such as companies, organizations, institutions, and groups that track their employees’ or other individuals’ time within their EmpMonitor account group, known as “Client,” within the Service.

The terms “Personal Data,” “Data Subject,” “Processing,” “Controller,” “Processor,” and “Supervisory Authority” used in this Privacy Policy have the same meanings as given in the GDPR.

EmpMonitor is the Data Controller and establishes the purpose and means of processing the following data: Personal Data of Users who are EmpMonitor’s clients and who directly provide their Personal Data to EmpMonitor, including freelancers and other company officials who register for EmpMonitor; and Personal Data of individuals who subscribe to receive commercial communication and other news and updates from EmpMonitor but are not registered users of EmpMonitor Service.

2. EmpMonitor as a Data Processor for Client Data Processing

This section pertains to clients of EmpMonitor who transfer Personal Data of their end-users, such as their employees, to EmpMonitor. The client is considered the Data Controller because they determine the purpose and means of processing the Personal Data, while EmpMonitor is the Data Processor because they only access the data for the purpose of providing the Service. If you are a Data Subject, meaning an end-user of the EmpMonitor Service whose profile was created by your employer, any concerns or complaints regarding the processing of your Personal Data should be addressed to and resolved by your employer, who is the Data Controller.

The client transfers the Personal Data of their end-users to EmpMonitor when they create accounts for them in their group, which allows EmpMonitor to process the Personal Data in order to provide the Service. This Privacy Policy contains complete and final instructions from the client to EmpMonitor regarding the processing of end-users’ Personal Data, and constitutes a binding data processing agreement. EmpMonitor will always process the Personal Data on behalf of the client, following their instructions and complying with applicable data protection laws and regulations.

The client confirms that they have acquired all necessary consents or have another appropriate legal basis for the processing of end-users’ Personal Data, and that the end-users have been informed of the transfer of their Personal Data to EmpMonitor and other third parties used by EmpMonitor for the provision of Service.

EmpMonitor will process the aforementioned data for as long as they provide the Service to the client and the client has an active EmpMonitor account. When an end-user’s account is deleted by the client, EmpMonitor may still process the data of deleted accounts for statistical and analytical purposes of the client, but such data can be deleted at any time upon the client’s request. After terminating their contractual relationship, EmpMonitor may continue to store some Personal Data, but only to the extent necessary to comply with legal obligations, ensure reliable backup systems, resolve disputes, prevent fraud and abuse, enforce agreements, and pursue legitimate interests.

EmpMonitor may use sub-processors to provide the Service to the client, but will ensure that they comply with the same data protection obligations set out in this Privacy Policy and GDPR where applicable. EmpMonitor will assist the client with fulfilling their obligations as a Data Controller, such as responding to requests from end-users regarding their Personal Data and investigating Personal Data breaches. Unless required by applicable law, EmpMonitor has no obligation to store the client’s data after termination of the agreement and will delete or return all Personal Data at the client’s choice.

3. Processing Purposes and Legal Basis

The Controller, EmpMonitor, will process your Personal Data to provide you with the Service, improve the Service, address any Service-related issues, and ensure that you receive the best customer experience possible.

EmpMonitor collects and processes your Personal Data for various purposes, including registering you for the Service, sending you invoices, personalizing your account settings, analyzing your performance, communicating with you about the Service, improving the Service, measuring and analyzing usage data, delivering personalized ads and promotions, and protecting the legal interests of EmpMonitor, its Clients, Users, and other third parties.

EmpMonitor will ask for your consent before using your information for any purpose not covered in this Privacy Policy.

EmpMonitor collects and processes Personal Data based on various legal bases, such as the contractual relationship between you and EmpMonitor, legal obligations imposed by applicable law, legitimate interests pursued by EmpMonitor or third parties (provided such interests do not outweigh your rights and freedoms), and your consent for certain types of Personal Data. Note that EmpMonitor may process the same Personal Data for several purposes simultaneously and on more than one legal basis.

4. Data Collected from EmpMonitor Users

EmpMonitor collects, generates, and receives information from users in various ways when using the Service, and some of this information may include Personal Data. This includes information provided by users when creating an account, such as their full name, email address, password, payment information, phone number, social media account information (if applicable), and optional photo. Users also have the option to voluntarily disclose additional Personal Data, such as their health information when using the absence calendar function, but this is not mandatory.

Additionally, EmpMonitor allows for third-party integrations with the Service, which may involve the sharing of certain information between the third-party provider and EmpMonitor. Users should review the privacy settings of these third-party services to understand what data may be disclosed.

When configuring their EmpMonitor account, users provide information such as their location, time zone, workday start and end times, work duration, work tracking start and stop times, tracking days, hourly rate, offline and private time input options, application names to be collected, absence calendar information, colleagues’ information, and project cost calculation tool usage.

Finally, EmpMonitor records information created by users when using the Service, including IP addresses, browser type and software version, application and task names, websites visited, EmpMonitor client version, path to the application, use start and end times, break times, and screenshots of computer screens. However, keystrokes and mouse movements are recorded without the recording of the actual content typed or clicked. If a user is not the Client of the Service, this information is provided by the Client (e.g., employer).

5. Data Collected from Visitors to the EmpMonitor Website

When you visit our website, we may collect and process certain information that could include your Personal Data, such as your device and browser information, IP address, and other information obtained through the use of cookies and similar technology.

If you choose to subscribe to the EmpMonitor blog, leave a comment on a blog post, or submit a question to us, you will need to provide us with certain Personal Data, including your name and email address.

When you subscribe to our blog or newsletter, we will use your email address to send you informative materials, such as newsletters and advertisements. You can unsubscribe from these emails at any time by clicking the link provided in the footer of the emails.

6. Duration of Data Retention

EmpMonitor will retain Personal Data from your account for as long as you maintain your EmpMonitor account or for the duration necessary to provide you with the Service, whichever is longer.

EmpMonitor will keep data generated by you for as long as the period of 9 months. Following this period, only general information such as “Log-in,” “Log-out,” “Active Hours” and “Total Hours” will be stored for statistical purposes.

If you terminate your subscription with EmpMonitor by deleting your account or terminating the contract, we would not contain any data whatsoever.

7. Disclosure of Personal Information to Third Parties

In order for EmpMonitor to provide you with our Service, we collaborate with third-party service providers that furnish us with the necessary services required in the ordinary course of our business. Consequently, we may share your Personal Data with these third-party service providers who process your personal data on behalf of EmpMonitor.

 

The recipients of your Personal Data may fall under various categories, such as hosting and server co-location service providers, communication and content delivery networks, data and cyber security service providers, billing and payment processing service providers, fraud detection and prevention service providers, web analytics, email distribution and monitoring service providers, session recording service, marketing service providers, legal and financial advisors, and other similar categories. EmpMonitor may share your Personal Data with these categories of recipients in order to provide you with our Service.

 

EmpMonitor only shares the strict minimum amount of Personal Data necessary with Third-Party Service Providers in order for them to provide the requested service. We only share Personal Data with Third-Party Service Providers that are able to demonstrate they have implemented suitable measures to ensure compliance with GDPR and other applicable laws and regulations regarding the processing of Personal Data.

 

EmpMonitor may have a legal obligation to share your information with third parties in certain situations. Such situations may arise when sharing your Personal Data with a third party is required by law, or when information is requested by public authorities.

EmpMonitor may also share your Personal Data with its parent company, subsidiaries, affiliates, distributors, and resellers for the provision of Services and other purposes as described in this Privacy Policy. EmpMonitor may also share your Personal Data if it sells, buys, merges, acquires, partners with other companies or businesses, or if it is under reorganization, liquidation, or bankruptcy.

Personal Data processed by EmpMonitor may be transferred to recipients outside of the European Economic Area (EEA). If EmpMonitor transfers Personal Data outside of the EEA, it will only send Personal Data to recipients that have implemented adequate data processing and protection requirements and are able to ensure an adequate level of protection, or have provided adequate guarantees.

8. Rights of the Data Subject

Individuals located in certain countries, such as the European Economic Area, have statutory rights concerning their Personal Data. Subject to any exemptions provided by law, you may have the right to request access to your Personal Data, to seek to update, delete, or correct this data, to restrict or object to the processing of your data, as well as the right to portability of your Personal Data.

As an EmpMonitor user, you may exercise these rights by submitting a request to us using the contact details provided in this Privacy Policy. We will respond to your request in accordance with applicable laws and regulations governing the processing of Personal Data.

You may exercise your rights as a Data Subject by logging into your EmpMonitor account or by contacting us using the contact information provided in Paragraph 12 of this Privacy Policy.

If you believe that EmpMonitor has processed your Personal Data unlawfully, you have the right to submit a complaint to us using the contact information provided below, or you may submit a complaint to the data protection supervisory authority in your country.

If you are an individual whose Personal Data has been provided to EmpMonitor by the Client (such as an employee of the Client), please contact the Client to exercise your rights as a Data Subject.

In case EmpMonitor receives a complaint or request from an individual whose Personal Data has been provided to EmpMonitor by the Client and who is exercising their rights as a Data Subject, EmpMonitor will not respond to such complaint or request without prior written authorization from the Client.

9. Security of Personal Data

EmpMonitor implements appropriate organizational, technical, and administrative measures to safeguard the confidentiality, integrity, and availability of Personal Data. We recommend that Users, Clients, and their end-users also take responsibility for protecting their Personal Data and any Personal Data in their possession by creating strong passwords for their EmpMonitor accounts, limiting computer and browser access, signing out at the end of a session, and avoiding the disclosure of any sensitive information that could cause significant harm to the Data Subject if disclosed to EmpMonitor.

All authorized personnel at EmpMonitor who are involved in processing Personal Data are bound by confidentiality obligations and are prohibited from accessing or processing such data without authorization, unless it is necessary for the purpose for which the data was obtained in the first place.

If there is a breach of Personal Data, EmpMonitor will comply with applicable laws and notify you accordingly. EmpMonitor will also provide reasonable assistance in the investigation of such breach and notify the supervisory authorities and data subjects affected by the breach in accordance with applicable laws.

10. Privacy Compliance Check

At the written request of the Client, EmpMonitor agrees to furnish the Client with adequate information to demonstrate conformity with the responsibilities stipulated in this Privacy Policy and relevant laws and regulations. This information shall be provided to the extent that it is within EmpMonitor’s control, and EmpMonitor is not restricted from disclosing it by law, any obligation of confidentiality, or any other obligation owed to a third party.

If the information provided to the Client is insufficient to confirm EmpMonitor’s compliance with this Privacy Policy, then EmpMonitor agrees to allow for and contribute to data processing audits.

Such audits may be carried out by an independent third party with a good market reputation, provided that it has sufficient experience and competence to carry out data processing audits, and the selection of such an auditor must be mutually agreed upon by both the Client and EmpMonitor.

The timing and other practicalities related to any such audit or inspection are determined by us, and any information and assistance provided are at the cost and expense of the Client. We reserve the right to charge the Client for any additional work or other costs incurred by us in connection with the Client using such rights. The Client has the right to request an audit once every two years.

The auditor will be required to sign a confidentiality agreement that includes an obligation not to disclose business information in its audit report, and the final report must also be provided to EmpMonitor.

11. Privacy Policy Updates

EmpMonitor may make occasional changes to this Privacy Policy, such as when introducing new services or features. The changes to this Privacy Policy will be effective and applicable from the moment they are uploaded to this page.

Hence, we advise you to periodically review this page. By continuing to utilize our Services or providing Personal Data to us after the amendments to this policy have been implemented, you agree to the updated terms of the Privacy Policy.

12. Contact Details

If you have any inquiries about our data processing practices or this Privacy Policy or if you wish to exercise any of your rights as a Data Subject with respect to your Personal Data, please reach out to us by sending an email to [email protected].