We’re committed to helping Timetastic customers comply with the General Data Protection Regulation (GDPR). The GDPR is the most comprehensive EU data privacy law in decades and came into effect on 25 May 2018.
In addition to standardising user data privacy across the EU, it brought in higher standards of data protection with additional obligations when handling EU citizens’ personal data.
On this page, we provide some background to Timetastic security and some links to relevant security and privacy articles, and answer some of the most frequently asked questions.
All to help you comply with GDPR.
To maintain your own compliance we recognise you'll have your own GDPR assessments to conduct and will have questions for data processors like ourselves.
In that regard we've provided a broad range of information here, and you'll find more detailed information in our Data Security and Privacy articles in the legal section. These documents cover a significant number of GDPR-related questions.
A number of common questions have arisen in regard to GDPR which we'll try to answer here:
- Where is the data stored?
Data is stored in Microsoft's Azure cloud platform. At the time of writing, these are their UK South and UK West sites.
- Is data encrypted?
Yes absolutely. Data is transferred to Timetastic using HTTPS and stored at rest using Transparent Data Encryption.
- How do we delete data?
You can delete individual users and all their data from Timetastic within the app itself. You can also cancel and delete your entire account from the app. These delete functions are instant and not recoverable.
- Which sub processors do you use?
We maintain a specific list of sub processors. It's available here: list of 3rd Party Apps we use.
- Do you have a specific data processing agreement?
To make life a little easier, we've included all the specific terms required under Article 28 of the GDPR Act in the main Terms and Conditions.
- Who is your Data Processing Officer?
Timetastic isn't required to have a GDPR Officer. GDPR only requires an officer if the organisation is a public body, conducts large scale systematic monitoring of individuals such as behaviour tracking, or tracks special categories of data such as health.
- Can you sign our GDPR / Data Processing Agreement?
It would be pretty much impossible to manage separate legal agreements with 7,000+ different clients. That's why you'll find all the GDPR requirements taken care of in our standard Terms and Conditions.