In accordance with the General Data Protection Regulation (GDPR), data subjects will have the right to access, rectify, erase, and restrict processing of their personal data. As a customer, your company is the sole owner of the data submitted to ClickTime. Therefore, as defined by the GDPR, your company is the controller, and ClickTime is the processor. In simple terms, your company is responsible for addressing all data subject requests. To make this process simple, ClickTime has developed GDPR settings to help you be compliant. Click here to learn more about GDPR at ClickTime.
If your company has enabled the GDPR settings (which can be found on the Company --> Preferences page), and a data subject submits a request to exercise their right of access, rectification, erasure, or restriction of processing; ClickTime will contact the company's appointed Data Officer and we'll provide the company with the request, and this article to help address the request.
The GDPR states that all requests should be addressed within 30 days of receipt. Therefore, ClickTime will contact your Data Officer and, if this person is not responsive, we will contact all your ClickTime Administrators, to address the request. If the request is not fulfilled by day 26, ClickTime Support will anonymize the personal data before the 30 day deadline. This change is not revertible, and it will be immediately reflected in your account.
ClickTime's definition of personal data is limited to the User's Name and Email Address. If you have custom fields that contain personal data, please anonymize (or empty) the custom field when addressing the GDPR rights.
Right to Access Personal Data
Employees can access their personal data by running any of the reports available in the Personal --> My Reports page.
Right to Rectify Personal Data
Data subjects can update their Full Name under My Preferences. To rectify their Email Address, please contact your company's ClickTime Administrator, or email us at firstname.lastname@example.org.
Right to Erase Personal Data
Because some of our customers use Time Tracking data to optimize project and allocations, ClickTime uses anonymization to comply with the erasure of personal data right.
In order to address a request of erasure, ClickTime Administrators can go to the Company --> People page and edit the user by replacing their personal information with a random key of your choosing (more information on editing the Person Details page can be found here). Keep in mind for anonymisation to be valid under the GDPR, you need to replace (or delete) the personal data in all the systems that your company uses.
Right to Restrict Processing of Personal Data
Employees are able to withdraw consent on the My Preferences page (more details here). By withdrawing consent, the User is logged out of ClickTime and the Data Officer is contacted to anonymize the personal data. During this time, the User will not have access to ClickTime, unless they provide us with consent to process their personal data.