ClickTime is happy to announce that we are in compliance with the General Data Protection Regulation (GDPR). This article explains how to use the GDPR features we've built to be compliant with the new regulations.
An Administrator for each organization should review the GDPR settings from the Company --> Preferences page if they have not done so already:
Next, indicate whether some, all, or none of your employees are EU residents and click "Update".
If you've chosen "Only some individuals in my organization are subject to GDPR", read on for instructions to choose which individuals are subject to the regulations.
If you've chosen "Only some individuals in my organization are subject to GDPR", you will need to update the Person Details page for everyone who uses ClickTime for your organization. This can be done by clicking into their record from the Company --> People page.
After opening the Person Details page, scroll down to the "Data Access Consent (GDPR)" section of the page and choose to "Edit Section". Then check the box indicating that "GDPR applies to this user" and then "Update".
Anyone who uses ClickTime and is subject to GDPR is required to consent to ClickTime processing data that may be personally identifiable. This pop-up message will appear and must be acknowledged before the employee can log into ClickTime.
Consent is required in order to access ClickTime.
Please note: In order to use the Mobile Application, the user must go to https://login.clicktime.com, enter their credentials, and acknowledge consent before they can log into the Mobile Application again. This also applies to anyone attempting to use the ClickTime Connector for QuickBooks, as well as our API, before they have given consent.
If anyone who has provided consent later decides they want to revoke consent, this can be done from their My Preferences page.
Scroll down to the "Data Access Consent" section of the page and choose to "Edit Section". They can then uncheck the checkbox that acknowledges consent and click "Update".
Doing so will log them out of ClickTime. A notice will be sent to ClickTime, who will contact the appointed Data Officer at your organization letting them know so they can remove the personal data for this user.
The Data Officer will then want to anonymize any personally identifiable information for the user, such as the name and email address, as well as any data stored in Custom Fields.