Data Protection Officer
Timebook Software, Inc.
2195 PARADISE DRIVE TIBURON, CA 94920
To use the Services, a separate “Service Agreement”, which is defined as our Terms of Service (available here) or a separate written master services agreement, must have been entered into with us by you or an organization with which you are associated (e.g., your employer or another entity or person) (“Related Entity”). This Service Agreement governs delivery, access, and use of the Services, including the processing of any messages, files or other content submitted through Services accounts (collectively, “Entity Data”).
Users granted access to the Services under a Service Agreement are referred to as “Authorized Users.”
For any Related Entity that entered into the Service Agreement, it controls its instance of the Services (its “Workspace”) and any associated Entity Data. In such as case, if you have any questions about specific Workspace settings and privacy practices, please contact the Related Entity whose Workspace you use. If you have received an invitation to join a Workspace but have not yet created an account, you should request assistance from the Related Entity that sent the invitation.
Personal Information We Collect
When an Authorized User accesses the Services, that user or the Related Entity with which that Authorized User is associated, may routinely submit personal information to us (“Personal Information”), which includes the following:
Account Information. To create or update your account, you or your Related Entity (e.g., your employer) supplies us with an email address, name, phone number, password, and other similar account information.
Payment Information. You or Related Entities that subscribed to a paid version of the Services provide us (or its payment processors) with billing information such as a billing address, credit card, and/or banking information, etc.
Interaction Data. When an Authorized User interacts with the Services, metadata is generated that provides additional context about the way Authorized Users work, including the Workspaces, channels, people, features, content and links you view or interact with, the types of files shared and what Third-Party Services are used (if any).
Log Data. As is common with online platforms, our servers automatically collect information when you access or use the Services and record it in log files. This log data may include the Internet Protocol (IP) address, the address of the web page visited before using the Services, browser type and settings, the date and time the Services were used, information about browser configuration and plugins, language preferences and cookie data.
Device Information. We collect information about the devices Authorized Users use to access the Services, including the device type, software (e.g., operating system, browser, or other applications that are used to access the Services), device settings, application identifiers (IDs), unique device IDs, crash data, etc. The amount and nature of the information we collect may be dependent on the type of device and the settings of the device being used.
Location Information. We may use information received from Authorized Users or Related Entities or other third-parties to help us determine or approximate your location, which can help us evaluate and optimize the provision of the Services.
User Contributions. You also may provide information, images, and other content to be published or displayed (hereinafter, "posted") on public areas of the Services or transmitted to other users of the Services or third parties (collectively, "User Contributions"). Your User Contributions are posted on and transmitted to others at your own risk. Although you may have the option to set certain permission settings through your account, please be aware that no security measures are perfect or impenetrable. Additionally, we cannot control the actions of other Authorized Users of the Services with whom you may choose to share your User Contributions. Therefore, we cannot and do not guarantee that your User Contributions will not be viewed by unauthorized persons.
Third-Party Services. Our Services provide you with a management center for all your work items. Since many Authorized Users and Related Entities typically rely on several different Third-Party Services to perform their work, we provide the option for Authorized Users and/or Related Entities to integrate the Third-Party Services with our Services. Once connected, the provider of a Third-Party Service, such as a email provider, calendar provider, project management provider, file storage provider, etc., may share certain Personal Information with us. For example, to facilitate the connection, we may receive integration information, such as certain account information of Authorized Users, along with other information that the application makes available to us to enable and support the integration. Authorized Users and Related Entities are solely responsible for and should check the privacy settings and notices in these Third-Party Services to understand what Personal Information may be disclosed to us by the Third Parties. We have no control over and assume no responsibility for the content, privacy policies or practices of any Third Parties or their Third-Party Services. When a Third-Party Service is enabled, we are authorized to connect and access Personal Information made available us. For more information on Third-Party Services, https://www.timebook.net/third-parties-services-list/.
Contact Information. Any contact information that an Authorized User chooses to import (such as an address book from a device or API) is collected when using the Services.
Supplemental Data. We may receive data about organizations, industries, lists of companies that are customers, site visitors, marketing campaigns and other matters related to our business from parent corporation(s), affiliates and subsidiaries, our partners, or others that we use to make our own information better or more useful, such as managing our customer base and determining the effectiveness of marketing campaigns. This data may be combined with Personal Information we collect.
Other Information. We also receive other information when submitted to Services or in other ways, such as if you contact us for customer support, participate in a survey, focus group, contest, activity or event, apply for a job, enroll in a certification program or other educational program hosted by us or a vendor, interact with our social media accounts or otherwise communicate with us.
How We Use Personal Information
We may use Personal Information we obtain about an Authorized User, or that an Authorized User or Related Entity provides to us:
to provide, operate, evaluate, and improve the Services;
for billing, account management, and other administrative purposes;
to provide and support integrations with Third-Party Services;
to analyze trends and statistics regarding use of the Services and transactions conducted using the Services;
to develop new products and services;
to send and receive electronic messages (e.g., emails, texts, webchat messages, instant messages, etc.) (“Electronic Messages”);
to send you the information or materials you requested;
to communicate with you about our products, services, offers, and promotions;
to provide user support;
to maintain records;
to comply with applicable legal requirements and industry standards;
to adhere to our terms of service, service agreements, and other agreements;
to protect against and prevent fraud, unauthorized transactions, claims, and other liabilities, and manage risk exposure, including by identifying potential hackers and other unauthorized users;
for any other purpose for which you provide your consent.
Non-Personal, Anonymized and De-identified Information
To the extent information not associated with an identified or identifiable natural person, or if Personal Information is anonymized, aggregated or de-identified (“Anonymized Information”) so that it is no longer reasonably associated with an identified or identifiable natural person, we may use it for any business purpose unless otherwise not permitted under the Service Agreement.
How We Share and Disclose Information
to provide our Services to you;
to provide the Services to other Authorized Users or Entities;
to share a Workspace or information with other users invited to access and use the Workspace or information;
to provide support;
to fulfill instructions from Authorized Users or Entities;
to enable Third-Party Service integrations;
to our subsidiaries and affiliates;
to contractors, service providers, and other third parties we use to support our business;
to comply with any court order, law, or legal process, including to respond to any government or regulatory request;
to enforce or apply our Service Agreement or other legal agreements and rights;
if we believe disclosure is necessary or appropriate to protect the rights, property, or safety of Timebook, users of the Services, and/or others;
for any other purpose which is incidental to the normal use of the Services; and
for any other purpose for which we receive user consent.
We may disclose Anonymized Information about Authorized Users, and information that does not identify any individual user, without restriction.
The Services are administered by Timebook in the United States. When we obtain information about Authorized Users through their access to or use of the Services or when Authorized Users input or import information to the Services from somewhere other than the United States, we may transfer, process, and store such information in the United States. If you access the Services from outside the United States, you do so on your own initiative, at your sole risk, and you are responsible for compliance with all applicable laws. If you are a non-United States resident and provide us with your Personal Information, or if you use the Services, you consent to the transfer to and processing of such information in the United States, which may have data protection laws less stringent than those in the country in which you reside. Additionally, if any information you provide to us includes the Personal Information of other individuals (e.g., your customers or clients), you confirm that you have all necessary authority and consents to transfer such information to us.
Third-Party Vendors include without limitation the following:
Cloud Providers. We use cloud services providers to host and secure our Services. These include:
Analytics. We may use Third Party Vendors to monitor and analyze the use of our Services.
Google Analytics. Google Analytics is an independent web analytics service offered by Google that tracks and reports website traffic. Google uses the data collected to track and monitor the use of our Services. This data is shared with other Google services. Google may use the collected data to contextualize and personalize the ads of its own advertising network. You can learn about Google’s privacy practices at https://www.google.com/intl/en/policies/privacy. You may opt out of the aggregation and analysis of data collected about you on our Services by Google Analytics by downloading the Google Analytics opt-out browser add-on, available at https://tools.google.com/dlpage/gaoptout. Please note that if you opt out, analytics companies other than Google Analytics may continue to aggregate and analyze data collected about you on the Services.
Payment Processing. We use Third Party Providers to process payment transactions initiated via the Services. Your payment card details are not stored by the Services. If you purchase a subscription to the Services, your payment card details are encrypted and securely stored by our third-party payment processors to enable Timebook to automatically bill your payment card on a recurring basis. We currently use the following third party payment processing services:
Other Vendors. We also use Third Party Providers for technical, operational, and other services, including as follows:
We strive to provide you with choices regarding the Personal Information you provide to us. We have created mechanisms to provide you with the following control over your information:
Electronic Messages from Timebook. Timebook sends alerts, activity updates, billing information, information about products or services, support information, service updates, service notifications, and other items to you via Electronic Messages. Promotional Electronic Messages will contain instructions describing how you can opt out of receiving future promotional communications from us. If you opt out of promotional Electronic Messages, you may continue to receive non-promotional, transactional emails from us.
Accessing and Correcting Personal Information. Your account information and other Personal Information is accessible anytime through and may be reviewed and changed by logging in to your user account. You may also send us an email at firstname.lastname@example.org to request access to, correct, or delete any Personal Information that you have provided to us. We may not accommodate a request to change information if we believe the change would violate any law or legal requirement or cause the information to be incorrect. If you delete your User Contributions from the Services, copies of your User Contributions may remain viewable in cached and archived pages or might have been copied or stored by other users.
Do Not Track Signals
Your California Privacy Rights
Under the CCPA, California consumers have the right to:
Request that we disclose to you the Personal Information that we have collected, used, disclosed or sold (“Right to Know”);
Request that we delete your Personal Information that we have collected or maintained (“Right to Delete”);
Opt out of the sale of your Personal Information; and
Not receive discriminatory treatment for exercising your privacy rights.
Right to Know. You may request from us a list of (i) the Personal Information that we have collected about you, and (ii) the categories of third parties to whom we have disclosed your Personal Information. You have the right to up to two (2) access requests each twelve (12) months.
Right to Delete. You may request, at any time, that we delete your information and direct our service providers to delete your information from their records.
Opt-out of sale. Timebook does not sell any Personal Information, even under the broad CCPA definition of a “sale.”
Non-discrimination. We will never discriminate against any California resident who exercises these rights.
Exercising your Privacy Rights
Categories of Personal Information Collected
The Personal Information that we may collect, or may have collected from consumers in the preceding twelve months, fall into the following categories established by the CCPA, depending the type of user you are (e.g., buyer, seller, or affiliate) and how you engage with the Services:
Identifiers such as your name, email, address, IP address, and IDs
Other individual records such as phone number, billing address, credit or debit card information, financial account information, employment information, and physical characteristics. This category includes personal information protected under pre-existing California law (Cal. Civ. Code 1798.80(e)) and overlaps with other categories listed here.
Demographics, such as your age range and gender. This category includes data that may qualify as protected classifications under other California or federal laws.
Commercial information, including purchases made or considered and purchase histories and tendencies.
Internet activity, including your interactions with our Services and what led you to our Services.
Sensory visual data, such as pictures posted on Services.
Geolocation data provided through your physical address, location enabled services or via your IP address.
Professional or employment-related information about the sellers that sell items on the Services or affiliates.
Inferences, including information about your interests, preferences, and characteristics.
Your Privacy Rights in Europe, U.K., and other Regions
Basis for Processing
If you are a resident of the European Union, the U.K., or other foreign or U.S. jurisdictions with privacy regulations that are the same or similar to the General Data Protection Regulation (Regulation (EU) 2016/679) (the “GDPR”), you are entitled to certain information and have certain rights, which may include:
the right of access to your information.
the right to rectify your information if it is incorrect or incomplete.
the right to have your information erased (“right to be forgotten”) if certain grounds are met.
the right to withdraw your consent to our processing of your information at any time (if our processing is based on consent).
the right to object to our processing of your information (if processing is based on legitimate interests).
the right to object to our processing of your information for direct marketing purposes.
the right to receive your information from us in a structured, commonly used and machine-readable format, and the right to transmit your information to another controller without hindrance from us (data portability).
Data Minimization and Purpose Limitation
We will not process your Personal Information in a way that is incompatible with the purposes for which it has been collected or collect any personal information that is not needed for these purposes.
Exercising Your Privacy Rights
You may contact us at email@example.com to exercise any of the above rights. We may request specific information from you to confirm your identity, and in some circumstances, we may charge a reasonable fee for access to your information.
Furthermore, if you believe that our processing of your information is inconsistent with your data protection rights under the GDPR and we have not adequately addressed your concerns, you have the right to lodge a complaint with the data protection supervisory authority of your country.
For purposes of the GDPR, we are a “controller” and you are a “data subject.”
Privacy of Children
The Services are not intended for or directed to children. No one under age 13 (or, with respect to residents of Europe or where so required by applicable law, under age 16) (the “Consent Age”) may provide any information to or on the Services. Timebook does not knowingly collect or solicit Personal Information from children under the Consent Age. If you are under the Consent Age, do not use or provide any information through the Services or any of its features, register on, make any purchases through, or use any of the interactive or public comment features of the Services, or provide any information about yourself to us, including your name, address, telephone number, email address, or any screen name or user name you may use. If we learn we have collected or received Personal Information from a child under the Consent Age, we will delete that information. If you believe we might have any information from a child under the Consent Age, please contact us at firstname.lastname@example.org. Notwithstanding the foregoing, Timebook may store information about children under the Consent Age in connection with the Services where consented to by the appropriate parent or guardian.
Timebook takes protecting your information seriously and implements reasonable measures to secure Personal Information from accidental loss and from unauthorized access, use, alteration, and disclosure. However, the electronic transmission of information over the Internet is not completely secure. We cannot guarantee that the security measures we have in place to safeguard the information we store and process will never be defeated or fail, or that such measures will always be sufficient or effective. Any transmission of information is at your own risk. When you click a link to a third-party site, you will be leaving our services and we don’t control or endorse what is on third-party sites.
We note that the safety and security of your information also depends on the vigilance of users like you. Where we have given Authorized Users (or where they have chosen) a password for access to the Services, they are responsible for keeping their passwords confidential. Authorized Users should not share their passwords with anyone and we urge all Authorized Users to be careful about what information they share on the Services.
We store some information indefinitely for legal and operational purposes, such as technical support, abuse prevention, and compliance. Other data such as web server logs are only kept as long as space is available for them. We take measures to delete your Personal Information or keep it in a form that does not permit identifying you unless such information is necessary to resolve disputes or enforce our agreements.
The retention period for data retained is determined by various criteria such as the type of user, the product serviced, and the nature of our relationship. The retention period can be lengthened or shortened based on the cancellation or re-enrollment of our services with products. The retention period can also be modified based on internal changes in auditing requirements and/or mandatory retention periods provided by law and statute of limitations.