GDPR Compliance

Your data protection rights under the General Data Protection Regulation (GDPR) and how Timenox ensures compliance.

Last updated: January 2025

1. What is GDPR?

The General Data Protection Regulation (GDPR) is a comprehensive data protection law that came into effect on May 25, 2018, in the European Union. It gives individuals greater control over their personal data and requires organizations to be more transparent about how they collect, use, and protect personal information.

While Timenox is based in India, we are committed to GDPR compliance for our EU users and customers, ensuring that your personal data is protected according to the highest standards.

2. Our GDPR Commitment

Timenox is committed to protecting your personal data and ensuring GDPR compliance. We have implemented comprehensive measures to:

  • Process personal data lawfully, fairly, and transparently
  • Collect data only for specified, explicit, and legitimate purposes
  • Ensure data is adequate, relevant, and limited to what is necessary
  • Keep data accurate and up-to-date
  • Store data only for as long as necessary
  • Implement appropriate security measures
  • Respect your data protection rights

3. Legal Basis for Processing

Under GDPR, we process your personal data based on the following legal grounds:

3.1 Contract Performance

We process your data to provide our attendance management services, including:

  • Account creation and management
  • Attendance tracking and verification
  • Report generation and data analysis
  • Customer support and service delivery

3.2 Legitimate Interest

We may process data for our legitimate interests, such as:

  • Improving our services and user experience
  • Preventing fraud and ensuring security
  • Analyzing usage patterns to enhance functionality
  • Providing customer support and communication

3.3 Consent

For certain types of processing, we rely on your explicit consent, which you can withdraw at any time through your account settings or by contacting us.

4. Your GDPR Rights

Under GDPR, you have the following rights regarding your personal data:

Right to Access

You can request a copy of your personal data and information about how we process it.

Right to Rectification

You can request correction of inaccurate or incomplete personal data.

Right to Erasure

You can request deletion of your personal data in certain circumstances.

Right to Portability

You can request a copy of your data in a structured, machine-readable format.

Right to Restriction

You can request limitation of processing in certain situations.

Right to Object

You can object to processing based on legitimate interests.

5. How to Exercise Your Rights

To exercise your GDPR rights, you can:

  • Use the privacy settings in your Timenox account
  • Contact us directly at support@timenox.com
  • Submit a formal data subject request
  • Use our self-service data export tools

We will respond to your request within 30 days, though this may be extended in complex cases. We may need to verify your identity before processing certain requests.

6. Data Processing Details

6.1 Data Controller

Timenox acts as a data controller for the personal data we collect directly from you. We are responsible for determining the purposes and means of processing your data.

6.2 Data Processor

When you use Timenox to manage employee attendance, you act as a data controller for your employees' data, and we act as a data processor. We process this data according to your instructions and our Data Processing Agreement.

6.3 Data Transfers

Your data may be transferred to and processed in countries outside the EU. We ensure such transfers comply with GDPR requirements through appropriate safeguards, such as Standard Contractual Clauses and adequacy decisions.

7. Security and Data Protection

We implement appropriate technical and organizational measures to protect your personal data:

  • Encryption of data in transit and at rest
  • Regular security assessments and penetration testing
  • Access controls and authentication measures
  • Data backup and disaster recovery procedures
  • Employee training on data protection
  • Incident response and breach notification procedures
  • Regular privacy impact assessments

8. Data Breach Procedures

In the unlikely event of a data breach that affects your personal data, we will:

  • Assess the nature and scope of the breach
  • Take immediate steps to contain and mitigate the breach
  • Notify relevant supervisory authorities within 72 hours
  • Inform affected individuals without undue delay
  • Document all breach-related activities
  • Implement measures to prevent future breaches

9. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected:

  • Account data: Retained while your account is active and for 7 years after deactivation
  • Attendance records: Retained for 7 years to comply with employment and tax regulations
  • Log data: Retained for 2 years for security and troubleshooting purposes
  • Marketing data: Retained until you opt out or for 3 years after last interaction

10. International Data Transfers

Your data may be transferred to and processed in countries outside the EU. We ensure compliance with GDPR requirements through:

  • Standard Contractual Clauses (SCCs) for data transfers
  • Adequacy decisions where applicable
  • Binding corporate rules for intra-group transfers
  • Additional safeguards and security measures

11. Contact Information

For GDPR-related inquiries, data subject requests, or to report a data breach, please contact us:

Email: support@timenox.com

Address: Timenox, Mumbai, India

Data Protection Officer: Available upon request

EU Representative: Available for EU-specific inquiries

12. Updates to This Policy

We may update this GDPR compliance information to reflect changes in our practices or legal requirements. We will notify you of any material changes and update the "Last updated" date accordingly.