Privacy and retention policy for GDPR compliance for TimeOrganizer
What personal data do we handle?
Mandatory information
First name, email address
Social security number
In cases where TimeOrganizer is to be used for personnel ledger, social security numbers need to be entered due to requirements from the Swedish Tax Agency.
Optional data
Surname, Phone Number, Address, Health Information (Absence Report with free text box), alias, External ID, GPS Position
What are the data used for?
Personal data in the system is necessary to collect in order for the system to perform its function as a time reporting system and for us to identify you as a user and to complete our agreement with you as a customer.
We do not use your data for direct marketing for our other services.
The mail addresses that are embedded in the system are only used for mailings related to TimeOrganizer such as information about updates as well as planned and / or unplanned operating disorders.
How are the data collected?
The information is collected in a first step when you as a customer choose to submit your information to us to register for testing our system.
We also collect information after more users are put into the system by the registered for the account of the service or another user who has been assigned the role to be able to do this in the system.
Information may also be collected in our support / case management system when you email or call us for support.
How long is the data stored?
Depending on what kind of data it is and for what purpose you want to use the system, the information is stored for different lengths.
a. Data relating to the daily simple time reporting is saved for 3 months after ended account.
Information as a contact / reference for us to be able to bill you as a customer as well as billing documents are stored / saved at us for accounting purposes 7 years after ended account
b. Data relating to staff ledger
Email address, first name, last name and social security number are saved according to the tax offices’ requirements for 3 years after the account has ended.
We do not save any personal data that is not relevant to this type of storage longer than 3 months after ended service.
To whom is the information given?
We will only disclose information to third parties in cases where it´s required by law, such as the Swedish Tax Agency in the case of staff ledger.
How is the data protected?
TimeOrganizer is a cloud service, which means that your data is stored at our data center in Stockholm. Our data center holds the highest security class and is supervised 24/7, 24/7/365.
Routines in case of possible interference with the database
Upon detection of an infringement, we will inform the Data Inspectorate (Dataskyddsmyndigheten) within 72 hours. We will also send you as a customer an email with information about what information may have ended up in the wrong hands.
In a next step, it´s you, the customer, who is responsible for informing your employees who then take necessary action.
Your rights
You as a registered user are entitled to have information sent to you over which information we have registered for you, free of charge one (1) time per year. In order to get this, a written request must be made to us.
You are also entitled to be “forgotten”. If you have not used the system as a staff ledger, your data will be removed within three (3) months.
If the system is used to meet the tax office requirements, the data will be stored for three (3) years as required by the tax office.
Contact details
TimeOrganizer is provided by Trust-IT Sweden AB.
556538-4699
Trust-IT Sweden AB
Solna torg 3
171 45 Solna, Sweden
+46 (0) 8-734 60 00
For more information
More information about GDPR and the new rules can be found on the Swedish Data Inspectorate’s website.
