TimeTec - Cloud Solutions for Workforce Management
Privacy Policy
Last Updated: May 1, 2018
TimeTec's mission is to offer cloud-based workforce solutions to various offices and business across industries locally and abroad. Central to this mission is the company’s commitment to be transparent with you about your personal data we collect and how it is used and shared throughout our solution.

This Privacy Statement describes how TimeTec brand and its holding company, TimeTec Cloud Sdn. Bhd. collect, store and handle personal information of individuals in accordance with the Personal Data Protection Act 2010 (“PDPA”) and the laws of Malaysia. Our processing and use of personal data is also designed to comply with the EU General Data Protection Regulation (GDPR).

Please read this Privacy Statement to understand how we use the personal information we may collect from you.

If you use our Services, you consent to this Privacy Statement, including our Cookies Policy.

Introduction
TimeTec is a brand for cloud-based workforce management systems, used by companies and its employees to manage their workforce attendance, leave, security and other workforce related operations, through TimeTec's range of App and Web services.

This Privacy Statement applies to timeteccloud.com, timetecta.com, timetecleave.com, timetecpatrol.com, timetechire.com, timetecvms.com, timetecaccess.com, timetecprofile.com, TimeTec-branded apps, and other TimeTec-related sites, apps, communications and services (“Services”), including visitors to the websites.

Consent
If you use our Services, you consent to the collection, use and sharing of your personal data under this Privacy Statement (which includes our Cookie Policy and other documents referenced in this Privacy Statement) and agree to the User Agreement. We provide you choices that allow you to opt-out or control how we use and share your data.

If you use our Services after an update to this Privacy Statement, you consent to the changed document.

We may modify this Privacy Statement from time to time. If we make material changes to it, we will provide notice through our Services, or by other means (e.g. notice posted on our Facebook page along with the updated Privacy Statement), to provide you the opportunity to review the changes before they become effective. If you object to any changes, you may close your account. Your continued use of our Services after we publish or send a notice about our changes to this Privacy Statement means that you are consenting to the updated Privacy Statement.


In this Privacy Statement you will understand:
• About Personal Information
• Who Collects and Processes Data Collected
• Information We Collect
• How We Use Your Data
• Data Disclosure
• Data Security
• Data Retention
• International Transfer of Information Collected
• Your Rights & Obligations
• Protection of Minors
• How to Contact Us


About Personal Information
Personal information refers to any information which relates directly or indirectly to you. This includes any information that can be used to distinguish, identify or contact you. For the purposes of this Privacy Statement, personal information encompasses sensitive personal information which relates to information relating to your health, political opinions, religious beliefs, etc. For the avoidance of doubt, please note that this Privacy Statement is applicable only if you are a natural person / an individual.

Who Collects and Processes Data Collected

TimeTec processes Personal Data both as a Controller and as a Processor, as defined in the GDPR.

TimeTec will be the Controller for "Subscriber" data, meaning Personal Data of the individual that registers for our services and enters into the Service Agreement. In addition, TimeTec also controls Personal Data that we collect from our website and outside of our website through other channels. For instance, this includes when you contact us by telephone, email and chat services, respond to our marketing materials, submit physical forms and etc.

For "User" data that is stored or processed in each Subscriber's TimeTec account, the respective Subscriber/Customer (potential) will be the Controller in accordance with GDPR, and TimeTec will be the Processor.

Through TimeTec’s services, each Subscriber have full control over the Personal Data that is stored within their account. This Personal Data can include information such as phone numbers and addresses. After Subscribers initiate the services, they may create Users ("User" data) with different privilege levels, including some granted with Administrator rights. At any time, the Subscriber and these Administrators can add to, modify, delete or share the User data. Because this data is user generated, it is the Subscriber’s responsibility to ensure that collection and processing of data is done in accordance with applicable law.

TimeTec will not process Personal Data for other purposes or by other means than instructed by its Subscribers. Any User who seeks access, or who seeks to correct, amend, or delete inaccurate data should direct his/her query to TimeTec's Subscriber, the data controller.

Information We Collect
With the purpose to provide you with TimeTec App, Web & Services and to operate in an efficient and effective manner by providing you with the best service possible, we need to collect relevant personal information from you. The personal information collected by us may include (but is not limited to) the following:


Contact information such as your name, company name, address, phone number and e-mail address provided when you Communicate with us. This include instances where you register to use our websites, applications or services (including free trials), download TimeTec App, respond to any marketing materials we send out or when you contact us for any enquiries, including communication by telephone, email, chat services and social media.
Upon the purchase of a subscription we also require certain financial information such as credit card information, which we will not have access to as they will be managed by payment providers.
Information about your computer or device used to access our Services, and about your visits to and use of our websites (including your IP address, geographical location, operating system, browser type, number of visits, average time spent on the site and pages viewed). The collected information is used to provide an overview of how people are accessing and using the TimeTec website and not for any additional purpose, such as to profile users.
We may do this using cookies, web Beacon or similar technologies. By continuing to visit the website, you agree to the placement of cookies on your device. If you choose not to accept our cookies, we cannot guarantee that your experience will be as fulfilling as it would otherwise be. We may also place cookies from third parties for functional and marketing purposes. To read more about how we use cookies, please read our Cookies Policy.
Details of the emails and other electronic communications you receive from us, including whether that communication has been opened and if you have clicked on any links within that communication. We use this to help ensure our communications are useful for you.
Personal data provided when you register for our publications such as newsletters, complete online forms (including call back requests), take part in surveys, post on our blogs, download information such as white papers or other publications or participate in any other interactive areas that appear on our website.
Personal data provided when you commence a business relationship with us such as being our service provider/business partner
Personal data provided when you lodge a complaint with us
Personal data provided when you provide feedback to us through websites or other channels
Other than personal information obtained from you directly, we may also obtain your personal information from third parties we deal with or are connected with you (credit reference agencies or financial institutions), and from such other sources where you have given your consent for the disclosure of information relating to you, and/or where otherwise lawfully permitted.


How We Use Your Data
We may collect and use personal data from you or from the category of third parties identified in this Privacy Statement, for one or more of the following purposes:
To verify your identity
To assess and process your application(s) /request(s) for TimeTec App, Website & Services
To administer and manage TimeTec App, Website & Services we provide you including charging, billing, facilitating payments and collecting debts
To assess and/or verify credit worthiness
To detect and prevent fraudulent activity
To keep in contact with you and provide you with any information you have requested
To engage in business transactions in respect of TimeTec App, Website & Services to be offered and provided to you
To establish and better manage any business relationship we may have with you
To process any communications you send us (for example, answering any queries and dealing with any complaints and feedbacks)
To notify you about benefits and changes to the features of TimeTec App, Website & Services
To produce data, reports and statistics which shall be anonymised or aggregated in a manner that does not identify you as an individual
To investigate, respond to, or defend claims made against, or involving TimeTec Cloud Sdn. Bhd.
To conduct our internal marketing and promotional activities. For example, we may use it to send you news and newsletters, special offers, and promotions, or to otherwise contact you about products or information we think may interest you. You can also unsubscribe from any email marketing using the links provided in the emails we send to you. Please refer to the section below on 'Your Rights' to object to processing for marketing purposes.
To maintain records required for security, claims or other legal purposes
To comply with legal and regulatory requirement
For internal purposes such as auditing, data analysis, and research to improve TimeTec’s products, services, and customer communications.
For any other purposes that is required or permitted by any law, regulations, guidelines and/or relevant regulatory authorities


Data Disclosure
As a part of providing you with TimeTec App, Website & Services and the management and/or operation of the same, we may be required or need to disclose information about you to the following third parties:
Law enforcement agencies
Government agencies
Companies and/or organisations that act as our agents, contractors, service providers (including their subcontractors) and/or professional advisers
Companies and/or organisations that assist us in processing and/or otherwise fulfilling transactions and providing you with TimeTec App, Website & Services that you have requested or subscribed for
Our business associates and other parties for purposes that are related to the purpose of collecting and using your personal information
Other parties in respect of whom you have given your express or implied consent
Subject at all times to any laws (including regulations, guidelines and/or obligations) applicable to TimeTec App, Website & Services
Strategic partners that work with TimeTec to provide better products and services, or that help TimeTec market to customers. For example, when you inquire about TimeTec solution, TimeTec may send your email with your personal or non-personal information to Third Parties (Authorized Resellers in specified) for sales follow-ups. Personal information will only be shared by TimeTec to provide TimeTec solution and services to you; it will not be shared with third parties for their marketing purposes.
Please note that TimeTec uses data processors that collect, store and process your data on behalf of TimeTec. The selected processors offer all the appropriate guarantees with regard to technical and organizational security measures regarding the processing of your personal data. They are used for the following purpose:
Hosting of our applications or services
Hosting of our customer relationship management system,
Enabling payments,
Enabling user support functionalities, such as website chat rooms,
Enabling visit and usage analytics


Data Security
We follow generally accepted industry standards to protect the information submitted to us, both during transmission and once we receive it. We maintain appropriate administrative, technical and physical safeguards to protect Personal Data against accidental or unlawful destruction, accidental loss, unauthorized alteration, unauthorized disclosure or access, misuse, and any other unlawful form of processing of the Personal Data in our possession. This includes, for example, firewalls, password protection and other access and authentication controls. We use SSL technology to encrypt data during transmission through public internet, to be only accessed by those authorized with special access rights to our systems.

However, no method of transmission over the Internet, or method of electronic storage, is 100% secure. We cannot ensure or warrant the security of any information you transmit to us or store on the Service, and you do so at your own risk. We also cannot guarantee that such information may not be accessed, disclosed, altered, or destroyed by breach of any of our physical, technical, or managerial safeguards. If you believe your Personal Data has been compromised, please contact us as set forth in the “How to Contact Us” section.

If we learn of a security systems breach, we will inform you and the authorities of the occurrence of the breach in accordance with applicable law.

Data Retention
We will retain personal data we process on behalf of our client for as long as needed to provide the Services. We will retain and use this personal information as necessary to comply with our legal obligations, maintain accurate financial and other records, resolve disputes, and enforce our agreements.

International Transfer of Information Collected
Our company is based in Malaysia and we use IT and other service providers which are located in multiple countries. Our applications or services or parts of them may be hosted in facilities provided by Amazon Web Services in the United States. Meanwhile, our websites may be hosted in Malaysia and when you send an email to us, this will also be stored on our email servers in Malaysia. Therefore, your information collected by TimeTec may be stored and processed in the United States, Malaysia, Singapore, Europe, or any other country in which TimeTec or its affiliates or service providers maintain facilities.

When submitting your personal data, you are agreeing to such processing, transfer or storage as outlined above. We will ensure at all times to take all reasonable steps necessary to maintain the security of your personal data in accordance with this Privacy Policy. We shall also take reasonable steps to ensure that any such third party entities are contractually bound not to use your personal information for any reason other than to provide TimeTec App, Website & Services that are contracted by us to provide and to adequately safeguard your personal information.

For personal data that is subject to European data protection laws, this means that any information which is submitted by you through the website or the application or service may be transferred to the United States or to other territories outside of the EEA. We may also transfer your information to service providers outside the EEA for the purpose of providing our applications, advertising and services to you.

We take steps to ensure that where your information is transferred outside of the EEA to our service providers and hosting providers, appropriate measures and controls are in place to protect that information in accordance with applicable data protection laws and regulations. In each case, such transfers are made in accordance with the requirements of Regulations (EU) 2016/679 (the General Data Protection Regulations or “GDPR”) and may be based on certification of compliance with the EU-U.S. Privacy Shield Framework and the Swiss-U.S Privacy Shield Framework or the use of the European Commission’s Standard Model Clauses for transfers of personal data outside the EEA.

By using our website, products or services or by interacting with us in the ways described in this Privacy Policy, you consent to the transfer of your information outside the EEA in the circumstances set out in this Privacy Policy. If you do not want your information to be transferred outside the EEA you should not use our website, applications or services.


Your Rights & Obligations
Right to Access, Correction, Deletion, Data Portability
We can assist you to access, correct or delete your personal information held by us. Where you wish to have access to your personal information in our possession, wish to amend or to delete your information, you may make a request to us by contacting TimeTec Team with the contact details provided below. You should quote your name, address and phone/account number and provide brief details of the information you want a copy of in any such request. We will use reasonable efforts to comply with your request to access, correct or delete your personal information within 30 days of receiving your request. We will fulfil your request by sending your copy electronically, unless the request expressly specifies a different method. Please note that we may have to withhold access to your personal information in certain situations, for example when we are unable to confirm your identity or where information requested for is of a confidential commercial nature or in the event we receive repeated requests for the same information. Nevertheless, we will notify you of the reasons for not being able to accede to your request.

Restriction of Processing, Object to Processing & Withdraw Consent At any time, you may request to place restrictions on processing or object to the processing of your Personal Data, on legitimate grounds, except if it's otherwise permitted by applicable law. You may at the time of collection and at any later time, oppose the processing of your personal data for the purposes of marketing. Where the processing of your information is based on your consent, you have a right to withdraw that consent subject to legal or contractual restrictions.

If you believe your right to privacy granted by applicable data protection laws has been infringed upon, please contact us with the contact details provided below. You also have a right to lodge a complaint with data protection authorities.

This provision does not apply to Personal Data that is part of Customer's Data. In this case, the management of the Customer Data is subject to the Customer’s own Privacy Policy, and any request for access, correction or deletion should be made directly to the Customer responsible for the uploading and storage of such data into the Service.

Incomplete Personal Information
Where indicated (for example in registration/application forms), it is obligatory to provide your personal information to us to enable us to process your application for TimeTec App, Website & Services. Should you decline to provide such obligatory personal information, we may not be able to process your application or provide you with TimeTec App, Website & Services.

Your Obligations
You are responsible for providing accurate and complete information to us about yourself and any other person whose personal information you provide us and for updating this personal information as and when it becomes incorrect or out of date by contacting the TimeTec Team via the contact details provided below. This obligation is a condition to the provision of TimeTec App, Website & Services to you and/or any other person authorised or permitted by you or your organisation/company to use the Products and/or Services. In the event you may need to provide us with personal information relating to third parties (for example about your spouse or children or where you are the designated person in charge (from an organisation or company) for dealing with us, if you are acquiring and are responsible for a service and/or product that they will use), you confirm that you have (i) obtained their consent or otherwise entitled to provide their personal information to us and for us to use accordingly, and (ii) informed them to read this Privacy Policy at our website.

Protection of Minors
As a general rule, children and persons under the age of 18 years should not disclose personal data to us without the consent of their parents or guardians. We do not solicit personal data from children and we do not knowingly collect personal data from children, use said data in any way or disclose said data to third parties without authorization.


How to Contact Us
If you have requests and questions or concerns about TimeTec Privacy Statement, please contact us at:

TimeTec Cloud Sdn. Bhd.
No. 6, 8 & 10, Jalan BK 3/2, Bandar Kinrara 47180 Puchong Selangor, Malaysia.
Tel: +603 - 8070 9933 Email: info@timeteccloud.com