When you use the Tyme app for Mac, iPhone, iPad and Apple Watch (hereinafter "TYME app"), I process personal data. These are treated confidentially and processed in accordance with the applicable laws - in particular the Basic Data Protection Ordinance (DSGVO) and the Federal Data Protection Act (BDSG-neu) in Germany. With these data protection regulations I want to inform you what personal data I collect from you, for what purposes and on what legal basis I use it and, if necessary, to whom I disclose it. I will also explain to you what rights you have to protect and enforce your privacy.
The data protection regulations contain technical terms which are new in the DSGVO and the BDSG. For your better understanding I will explain these terms in simple words in advance:
"Personal data" means all information relating to an identified or identifiable person (Art. 4 No. 1 DSGVO). Details of an identified person can be e.g. the name or the e-mail address. However, personal data is also data for which the identity is not immediately obvious, but which can be determined by combining one's own or third-party information and thus finding out who it is. For example, a person can be identified by providing his or her address or bank details, date of birth or user name, IP addresses and/or location data. Relevant is any information that in any way allows an inference to a person.
Art. 4 No. 2 DSGVO defines "processing" as any process in connection with personal data. This applies in particular to the collection, collection, organization, arrangement, storage, adaptation or modification, reading, querying, use, disclosure, transmission, dissemination or any other form of provision, comparison or linking, restriction, deletion or destruction of personal data.
Responsible for data processing:
Name: Lars Gerckens
Address: Schanzenstr. 12a, 20357 Hamburg, Germany
Phone: +49(0) 40 22861177
E-mail: support [at] tyme-app [dot] com
In the context of the TYME app, I process the personal data of yours listed in detail in sections 5-11 below. I only process your data that you actively provide on the TYME app (e.g. by filling in forms) or that you make available automatically when using our services. Your data will only be processed by me and will not be sold, lent or passed on to third parties. If I use the help of external service providers for the processing of your personal data, this is done within the scope of a so-called order processing, in which I am authorized to instruct our contractors as the customer. For hosting the TYME-App I use the external service provider "Host Europe" with the data center in Strasbourg. For more information about the data center and its security standards, please visit https://www.hosteurope.de/en/Host-Europe/Security/.
If any of the processing operations listed in paragraphs 5-1 involve the use of other external service providers, they shall be designated there.
A data transfer to third countries does not take place in principle and is also not planned. I will inform you about exceptions to this principle in the following processing steps.
When you download the TYME app from the Apple App Store or the Apple Mac App Store, the required information is transferred to Apple. This includes, in particular, your user name, e-mail address, your Apple ID, the time of download, and the individual device code number. As part of an in-app purchase, you can then purchase a paid single-user version of the TYME app and take out a paid subscription via the "Team Tyme" version. When you make an in-app purchase, the information required for the purchase (user name, e-mail address, your Apple ID, time of download, the individual device code number, and your payment information) will also be transmitted to Apple. I have no influence on this data collection when downloading the TYME app or when making in-app purchases. I do not receive any personal information from you in this context. In particular, Apple does not provide me with your name, Apple ID or email address.
Processing is performed by Apple for the conclusion and processing of purchase contracts via the single-user application of the TYME app or for the conclusion of subscription contracts via the Tyme app.
Processing is required for the conclusion and performance of the contracts (Art. 6 para. 1 lit. b DSGVO).
Since I do not receive any personal data from you from Apple, especially for in-app purchases, Apple alone stores your address, payment and order data in accordance with commercial and tax law.
After completing a Team Tyme subscription as part of an in-app purchase (see item 4), the Team Admin must first be registered in order to set up a team. Registration is done by filling out the registration form in the TYME app and sending it to us electronically. To register, you must enter your e-mail address and a password of your choice. By clicking the button "Register" you send us the form. You will then receive an automatic welcome email. This contains a link to confirm your email address. Only after successful verification of your e-mail address by clicking on the confirmation link will your Team Tyme account be activated. As a registered Team Admin you have the possibility to invite other TYME users to your team. To do this, you must enter the names and e-mail addresses of the potential team members in the TYME app. The TYME app then sends an invitation by e-mail to the potential team members. This invitation contains a confirmation link with which a TYME user can join a team and then enter and settle times together with the other team members (see item 6).
Processing takes place in order to provide the Team Tyme function of the TYME app.
The processing is necessary to fulfil the contractually owed services (Art. 6 para. 1 letter b DSGVO).
A Team Tyme Admin can delete all team data from the TYME server by deleting the entire team via the web page: https://api.tyme-app.com/v1/team/delete?v=9999&l=en
The TYME app offers users the possibility of recording and billing times. To provide the functionality of the TYME-App, timers, projects, time entries and app settings are stored on the respective device (Mac, iPhone, iPad, Apple Watch) and not transmitted to me or the TYME server. When using the "Team Tyme" version, the names and e-mail addresses of all team members are recorded and the data created in the team (i.e. the projects entered, tasks, hourly rates, budgets and recorded times of each user in the team) are stored for you on the TYME App server.
Processing takes place in order to provide the time recording functions of the TYME app.
The processing of your timers, projects, time entries and app settings is necessary to fulfil the contractually owed services (Art. 6 para. 1 lit. b DSGVO).
In the standalone application, the data is deleted from your mobile device as soon as you uninstall the app. A Team Tyme Admin can delete all team data from the TYME server by deleting the entire team via the web page....
Processing takes place in order to provide the synchronization function of the TYME app.
Your data will only be transmitted to an external cloud service with your consent (Art. 6 para. 1 lit. a DSGVO). This is issued when you connect your Dropbox or iCloud account to the TYME app in the app settings. Your consent is voluntary.
You can revoke your consent at any time and stop the transfer of your data to the external cloud services by deactivating the connection of your Dropbox or iCloud account with the TYME App in the App settings.
Processing takes place in order to provide the calendar integration function of the TYME app.
Calendar integration only takes place with your consent (Art. 6 para. 1 lit. a DSGVO). This is given with the activation of this function in the app settings. Your consent is voluntary.
You can revoke your consent at any time and stop the transfer of your time entries to your calendar program by deactivating the calendar integration in the App settings.
Furthermore, you can activate the recording of the location of your device in the settings of the TYME app and define your "workplace" with a so-called geofence. This allows you to automatically record the time when and as long as you are in the geofence. If you leave the Geofence, the location is not recorded. Location and geofence data are only stored on your device in the single user version as well as in the Team Tyme version and are not transmitted to me or the TYME server. When location recording is active, your iPhone, iPad or Apple Watch displays data processing via a compass icon in the upper bar.
Processing takes place in order to provide and perform the function for entering location data at the work center you have defined in the TYME app.
The processing takes place on the basis of your consent (Art. 6 para. 1 lit. a DSGVO). This is issued with the activation of location data entry in the app settings. Your consent is voluntary.
You can revoke your consent at any time and stop the collection of your location data by deactivating the location data collection in the app settings.
The TYME app uses the error diagnosis service "Crashlytics", which is operated by Google Inc, 1600 Amphitheatre Parkway, Mountain View, California 94043, USA (hereinafter referred to as "Google"). If the TYME app crashes during use or if unexpected errors occur, specific information, namely device type, operating system version, date and time of the error, country from which the query takes place and the set operating system language is sent to Crashlytics. Crashlytics is used by me exclusively without a registration of your IP address. Further information on data protection at Crashlytics can be found here: https://fabric.io/terms
Processing takes place in order to record and evaluate defects. This information is used to maintain and improve our app.
The processing is necessary to protect the overriding legitimate interests of the person responsible (Art. 6 para. 1 lit. f DSGVO). My legitimate interest lies in the purpose stated in paragraph 10.2.
You can object to data processing by Crashlytics at any time by deactivating the collection and transmission of usage information and diagnostic data by Crashlytics in the settings of the app. This option is activated when the app is delivered. The analysis data processed and stored with Crashlytics will be automatically deleted by me after one year.
Through the use of Crashlytics, personal data may be transmitted to Google. Google works for us as a service provider within the scope of an order processing. Google also processes your data in the USA and has submitted to the EU-US Privacy Shield. For more information on the EU-US Privacy Shield, please visit https://www.privacyshield.gov/EU-US-Framework.
The processing is done to be able to evaluate the use of our app. The information gained in this way serves to improve and further develop our app.
The processing is necessary to protect the overriding legitimate interests of the person responsible (Art. 6 para. 1 lit. f DSGVO). My legitimate interest lies in the purpose stated in paragraph 11.2.
You can object to data processing by Answers.io at any time by deactivating the collection and transmission of usage information and diagnostic data by Crashlytics in the settings of the app. This option is activated when the app is delivered. The analysis data processed and stored with Answers.io will be deleted automatically after one year.
Through the use of Answers.io, personal data may be transmitted to Google. Google works for us as a service provider within the scope of an order processing. Google also processes your data in the USA and has submitted to the EU-US Privacy Shield. For more information on the EU-US Privacy Shield, please visit https://www.privacyshield.gov/EU-US-Framework.
To protect your personal data from unauthorized access, all communication between the TYME app and my server is SSL-encrypted. SSL stands for "Secure Sockets Layer" and encrypts the communication of data between a TYME app and the user's end device.
With regard to the data processing described above, you are entitled to the following rights of data subjects:
You have the right to ask me to confirm whether I am processing personal data concerning you. If this is the case, you have a right to information on this personal data and on the detailed information listed in Art. 15 DSGVO under the conditions specified in Art. 15 DSGVO.
You have the right to request me immediately to correct any incorrect personal data concerning you and, if necessary, to complete incomplete personal data.
You have the right to request me to delete personal data relating to you immediately if one of the reasons listed in Art. 17 DSGVO applies in detail, e.g. if your data is no longer required for the purposes I pursue.
You have the right to request me to restrict the processing if one of the conditions listed in Art. 18 DSGVO is met, e.g. if you dispute the accuracy of your personal data, data processing will be restricted for the duration that enables us to check the accuracy of your data.
You have the right, under the conditions set out in Art. 20 DSGVO, to demand the publication of the data concerning you in a structured, common and machine-readable format.
You have the right to revoke your consent at any time in the case of processing based on a consent. The revocation is valid from the time of its assertion. In other words, it works for the future. The processing does not become retroactively illegal by the revocation of the consent.
If you believe that the processing of personal data concerning you violates the DSGVO, you have the right of appeal to a supervisory authority. They may exercise this right before a supervisory authority in the EU Member State of their place of residence, of work or of the place where the alleged infringement is alleged.
Decisions that have legal consequences for you or significantly affect you must not be based solely on automated processing of personal data, including profiling. I hereby inform you that I do not use automated decision making including profiling with regard to your personal data.
If I process your personal data on the basis of Art. 6 para. 1 lit. f DSGVO (to protect overriding legitimate interests), you have the right to object to this under the conditions set out in Art. 21 DSGVO. However, this only applies if there are reasons arising from your particular situation. After an objection, I will no longer process your personal data unless I can prove compelling reasons worthy of protection for the processing, which outweigh your interests, rights and freedoms. I also do not have to stop the processing if it serves to assert, exercise or defend legal claims. In any case - regardless of a particular situation - you have the right to object at any time to the processing of your personal data for direct advertising.
Last updated: May 2018