In accordance with the General Data Protection Regulation (GDPR), which is designed to protect individuals' personal data, data subjects have the right to access, rectify, erase, and restrict processing of their personal data. As a customer, your company is the sole owner of the data submitted to ClickTime. Therefore, as defined by the GDPR, your company is the controller, and ClickTime is the processor. In simple terms, your company is responsible for addressing all data subject requests. To make this process easier, ClickTime has developed GDPR settings to help you remain compliant. For more information about GDPR at ClickTime, see this article.
If your company has enabled the GDPR settings (available on the Company → Preferences page), and a data subject submits a request to exercise their right of access, rectification, erasure, or restriction of processing, ClickTime will contact the company's appointed Data Officer. We will then provide the company with the request and this article to help address it.
The GDPR states that all requests should be addressed within 30 days of receipt. Therefore, ClickTime will contact your Data Officer and, if this person is not responsive, we will contact all your ClickTime Administrators to address the request. If the request is not fulfilled by day 26, ClickTime Support will anonymize the personal data before the 30-day deadline. This change cannot be undone, and it will be immediately reflected in your account.
Important: For GDPR purposes, ClickTime's definition of personal data is limited to the user's name and email address. If you have custom fields that contain personal data, please anonymize (or empty) the custom field when addressing GDPR rights.
Jump to:
- Right to Access Personal Data
- Right to Rectify Personal Data
- Right to Erase Personal Data
- Right to Restrict Processing of Personal Data
Right to Access Personal Data
Employees can access their personal data by running any of the reports detailing their time entries, projects, and other related activities available on the Personal → My Reports page.
Right to Rectify Personal Data
Data subjects can update their Full Name under My Preferences. To rectify their Email Address, please contact your company's ClickTime Administrator, or email us at gdpr@clicktime.com.
Right to Erase Personal Data
Because some customers use time tracking data to optimize projects and allocations, ClickTime uses anonymization to comply with the right to erasure of personal data, preserving data integrity for historical reporting while still complying with data erasure rights.
In order to address a request for erasure, ClickTime Administrators can go to the Company → People page and edit the user by replacing their personal information with a random key of your choosing (for example, "anon-user-123"). More information on editing the Person Details page can be found here. Keep in mind that for anonymization to be valid under the GDPR, you need to replace (or delete) the personal data in all the systems your company uses.
Right to Restrict Processing of Personal Data
Employees can withdraw consent on the My Preferences page. By withdrawing consent, the user is logged out of ClickTime and the Data Officer is contacted to anonymize the personal data. This means their data can no longer be actively used for operations like time tracking, though it may be retained for compliance purposes. During this time, the user will not have access to ClickTime unless they provide us with consent to process their personal data.
Comments
0 comments
Article is closed for comments.