Privacy Policy

INTRODUCTION AND TERMS

1. Introduction

When you use the Tyme app for Mac, iPhone, iPad and Apple Watch (hereinafter "TYME app"), I process personal data. These are treated confidentially and processed in accordance with the applicable laws - in particular the Basic Data Protection Ordinance (DSGVO) and the Federal Data Protection Act (BDSG-neu) in Germany. With these data protection regulations I want to inform you what personal data I collect from you, for what purposes and on what legal basis I use it and, if necessary, to whom I disclose it. I will also explain to you what rights you have to protect and enforce your privacy.

2. Terms

The data protection regulations contain technical terms which are new in the DSGVO and the BDSG. For your better understanding I will explain these terms in simple words in advance:

2.1 Personal data

"Personal data" means all information relating to an identified or identifiable person (Art. 4 No. 1 DSGVO). Details of an identified person can be e.g. the name or the e-mail address. However, personal data is also data for which the identity is not immediately obvious, but which can be determined by combining one's own or third-party information and thus finding out who it is. For example, a person can be identified by providing his or her address or bank details, date of birth or user name, IP addresses and/or location data. Relevant is any information that in any way allows an inference to a person.

2.2 Processing

Art. 4 No. 2 DSGVO defines "processing" as any process in connection with personal data. This applies in particular to the collection, collection, organization, arrangement, storage, adaptation or modification, reading, querying, use, disclosure, transmission, dissemination or any other form of provision, comparison or linking, restriction, deletion or destruction of personal data.

PERSON IN CHARGE

3. Person in charge

Responsible for data processing:

Name: Lars Gerckens
Address: Schanzenstr. 12a, 20357 Hamburg, Germany
Phone: +49(0) 40 22861177
E-mail: support [at] tyme-app [dot] com

DATA PROCESSING

4. TYME app

In the context of the TYME app, I process the personal data of yours listed in detail in sections 5-11 below. I only process your data that you actively provide on the TYME app (e.g. by filling in forms) or that you make available automatically when using our services. Your data will only be processed by me and will not be sold, lent or passed on to third parties. If I use the help of external service providers for the processing of your personal data, this is done within the scope of a so-called order processing, in which I am authorized to instruct our contractors as the customer. For hosting the TYME-App I use the external service provider "Host Europe" with the data center in Strasbourg. For more information about the data center and its security standards, please visit https://www.hosteurope.de/en/Host-Europe/Security/.

If any of the processing operations listed in paragraphs 5-11 involve the use of other external service providers, they shall be designated there.

A data transfer to third countries does not take place in principle and is also not planned. I will inform you about exceptions to this principle in the following processing steps.

DATA PROCESSING IN DETAIL

4 Conclusion of the contract

4.1 Description of processing

When you download the TYME app from the Apple App Store or the Apple Mac App Store, the required information is transferred to Apple. This includes, in particular, your user name, e-mail address, your Apple ID, the time of download, and the individual device code number. As part of an in-app purchase, you can then purchase a paid single-user version of the TYME app and take out a paid subscription via the "Team Tyme" version. When you make an in-app purchase, the information required for the purchase (user name, e-mail address, your Apple ID, time of download, the individual device code number, and your payment information) will also be transmitted to Apple. I have no influence on this data collection when downloading the TYME app or when making in-app purchases. I do not receive any personal information from you in this context. In particular, Apple does not provide me with your name, Apple ID or email address.

4.2 Purpose

Processing is performed by Apple for the conclusion and processing of purchase contracts via the single-user application of the TYME app or for the conclusion of subscription contracts via the Tyme app.

4.3 Legal basis

Processing is required for the conclusion and performance of the contracts (Art. 6 para. 1 lit. b DSGVO).

4.4 Storage time

Since I do not receive any personal data from you from Apple, especially for in-app purchases, Apple alone stores your address, payment and order data in accordance with commercial and tax law.

5. Setup Team Tyme

5.1 Description of processing

After completing a Team Tyme subscription as part of an in-app purchase (see item 4), the Team Admin must first be registered in order to set up a team. Registration is done by filling out the registration form in the TYME app and sending it to us electronically. To register, you must enter your e-mail address and a password of your choice. By clicking the button "Register" you send us the form. You will then receive an automatic welcome email. This contains a link to confirm your email address. Only after successful verification of your e-mail address by clicking on the confirmation link will your Team Tyme account be activated. As a registered Team Admin you have the possibility to invite other TYME users to your team. To do this, you must enter the names and e-mail addresses of the potential team members in the TYME app. The TYME app then sends an invitation by e-mail to the potential team members. This invitation contains a confirmation link with which a TYME user can join a team and then enter and settle times together with the other team members (see item 6).

5.2 Purpose

Processing takes place in order to provide the Team Tyme function of the TYME app.

5.3 Legal basis

The processing is necessary to fulfil the contractually owed services (Art. 6 para. 1 letter b DSGVO).

5.4 Storage time

A Team Tyme Admin can delete all team data from the TYME server by deleting the entire team via the web page: https://api.tyme-app.com/v1/team/delete?v=9999&l=en

6. Time tracking

6.1 Description of processing

The TYME app offers users the possibility of recording and billing times. To provide the functionality of the TYME-App, timers, projects, time entries and app settings are stored on the respective device (Mac, iPhone, iPad, Apple Watch) and not transmitted to me or the TYME server. When using the "Team Tyme" version, the names and e-mail addresses of all team members are recorded and the data created in the team (i.e. the projects entered, tasks, hourly rates, budgets and recorded times of each user in the team) are stored for you on the TYME App server.

6.2 Purpose

Processing takes place in order to provide the time recording functions of the TYME app.

6.3 Legal basis

The processing of your timers, projects, time entries and app settings is necessary to fulfil the contractually owed services (Art. 6 para. 1 lit. b DSGVO).

6.4 Storage time

In the standalone application, the data is deleted from your mobile device as soon as you uninstall the app. A Team Tyme Admin can delete all team data from the TYME server by deleting the entire team via the web page....

7. Synchronization with external cloud services

7.1 Description of processing

In the settings of the TYME app, users can activate synchronization of their timers, projects, time entries and app settings with the external cloud services Dropbox and Apple iCloud, provided they maintain an account with these providers and connect their account to the TYME app. In this case, your timers, projects, time entries, and app settings are sent to the cloud service you select. I have no influence on the processing of your data with the aforementioned providers. Information on data protection at Dropbox can be found here https://www.dropbox.com/privacy. iCloud's privacy policy is available at: https://www.apple.com/privacy/.

7.2 Purpose

Processing takes place in order to provide the synchronization function of the TYME app.

7.3 Legal basis

Your data will only be transmitted to an external cloud service with your consent (Art. 6 para. 1 lit. a DSGVO). This is issued when you connect your Dropbox or iCloud account to the TYME app in the app settings. Your consent is voluntary.

7.4 Storage period and revocation of consent

You can revoke your consent at any time and stop the transfer of your data to the external cloud services by deactivating the connection of your Dropbox or iCloud account with the TYME App in the App settings.

8 Apple Calendar Integration

8.1 Description of processing

In the TYME app settings, users can activate synchronization of their time entries with Apple's calendar program. In this case, your time entries are transferred to the calendar program of your terminal and also stored there. If you have connected your calendar program to your iCloud account for cross-device use, your time entries are also transferred to your iCloud. I have no control over the processing of your data on iCloud. iCloud's privacy policy is available at: https://www.apple.com/privacy/.

8.2 Purpose

Processing takes place in order to provide the calendar integration function of the TYME app.

8.3 Legal basis

Calendar integration only takes place with your consent (Art. 6 para. 1 lit. a DSGVO). This is given with the activation of this function in the app settings. Your consent is voluntary.

8.4 Storage period and revocation of consent

You can revoke your consent at any time and stop the transfer of your time entries to your calendar program by deactivating the calendar integration in the App settings.

9. Location data

9.1 Description of processing

Furthermore, you can activate the recording of the location of your device in the settings of the TYME app and define your "workplace" with a so-called geofence. This allows you to automatically record the time when and as long as you are in the geofence. If you leave the Geofence, the location is not recorded. Location and geofence data are only stored on your device in the single user version as well as in the Team Tyme version and are not transmitted to me or the TYME server. When location recording is active, your iPhone, iPad or Apple Watch displays data processing via a compass icon in the upper bar.

9.2 Purpose

Processing takes place in order to provide and perform the function for entering location data at the work center you have defined in the TYME app.

9.3 Legal basis

The processing takes place on the basis of your consent (Art. 6 para. 1 lit. a DSGVO). This is issued with the activation of location data entry in the app settings. Your consent is voluntary.

9.4 Storage period and revocation of consent

You can revoke your consent at any time and stop the collection of your location data by deactivating the location data collection in the app settings.

10 Crashlytics

10.1 Description of processing

The TYME app uses the error diagnosis service "Crashlytics", which is operated by Google Inc, 1600 Amphitheatre Parkway, Mountain View, California 94043, USA (hereinafter referred to as "Google"). If the TYME app crashes during use or if unexpected errors occur, specific information, namely device type, operating system version, date and time of the error, country from which the query takes place and the set operating system language is sent to Crashlytics. Crashlytics is used by me exclusively without a registration of your IP address. Further information on data protection at Crashlytics can be found here: https://fabric.io/terms

10.2 Purpose

Processing takes place in order to record and evaluate defects. This information is used to maintain and improve our app.

10.3 Legal basis

The processing is necessary to protect the overriding legitimate interests of the person responsible (Art. 6 para. 1 lit. f DSGVO). My legitimate interest lies in the purpose stated in paragraph 10.2.

10.4 Storage period and right of objection

You can object to data processing by Crashlytics at any time by deactivating the collection and transmission of usage information and diagnostic data by Crashlytics in the settings of the app. This option is activated when the app is delivered. The analysis data processed and stored with Crashlytics will be automatically deleted by me after one year.

10.5 Recipient, transfer to third countries

Through the use of Crashlytics, personal data may be transmitted to Google. Google works for us as a service provider within the scope of an order processing. Google also processes your data in the USA and has submitted to the EU-US Privacy Shield. For more information on the EU-US Privacy Shield, please visit https://www.privacyshield.gov/EU-US-Framework.

11 Answers.io

11.1 Description of processing

The TYME app uses the usage analysis service "Answers.io", which is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, California 94043, USA (hereinafter referred to as "Google"). Using Answers.io I can define individual sub-pages or menu items of our app with so-called "Custom Events" and collect and evaluate the interaction of the app users with these custom events. With Answers.io I collect usage actions (e.g. clicking a menu item), the device type, the operating system version, the app version and date of the event and send them to Answers.io. Answers.io is only used by me without collecting your IP address. For more information on Answers.io's privacy policy, please visit: https://fabric.io/terms.

11.2 Purpose

The processing is done to be able to evaluate the use of our app. The information gained in this way serves to improve and further develop our app.

11.3 Legal basis

The processing is necessary to protect the overriding legitimate interests of the person responsible (Art. 6 para. 1 lit. f DSGVO). My legitimate interest lies in the purpose stated in paragraph 11.2.

11.4 Storage period and right of objection

You can object to data processing by Answers.io at any time by deactivating the collection and transmission of usage information and diagnostic data by Crashlytics in the settings of the app. This option is activated when the app is delivered. The analysis data processed and stored with Answers.io will be deleted automatically after one year.

11.5 Recipient and transfer to third countries

Through the use of Answers.io, personal data may be transmitted to Google. Google works for us as a service provider within the scope of an order processing. Google also processes your data in the USA and has submitted to the EU-US Privacy Shield. For more information on the EU-US Privacy Shield, please visit https://www.privacyshield.gov/EU-US-Framework.

SECURITY MEASURES

12. Security measures

To protect your personal data from unauthorized access, all communication between the TYME app and my server is SSL-encrypted. SSL stands for "Secure Sockets Layer" and encrypts the communication of data between a TYME app and the user's end device.

YOUR RIGHTS

13. Rights of the persons concerned

With regard to the data processing described above, you are entitled to the following rights of data subjects:

13.1 Information (Art. 15 DSGVO)

You have the right to ask me to confirm whether I am processing personal data concerning you. If this is the case, you have a right to information on this personal data and on the detailed information listed in Art. 15 DSGVO under the conditions specified in Art. 15 DSGVO.

13.2 Correction (Art. 16 DSGVO)

You have the right to request me immediately to correct any incorrect personal data concerning you and, if necessary, to complete incomplete personal data.

13.3 Deletion (Art. 17 DSGVO)

You have the right to request me to delete personal data relating to you immediately if one of the reasons listed in Art. 17 DSGVO applies in detail, e.g. if your data is no longer required for the purposes I pursue.

13.4 Limitation of data processing (Art. 18 DSGVO)

You have the right to request me to restrict the processing if one of the conditions listed in Art. 18 DSGVO is met, e.g. if you dispute the accuracy of your personal data, data processing will be restricted for the duration that enables us to check the accuracy of your data.

13.5 Data transferability (Art. 20 DSGVO)

You have the right, under the conditions set out in Art. 20 DSGVO, to demand the publication of the data concerning you in a structured, common and machine-readable format.

13.6 Revocation of consents (Art. 7 para. 3 DSGVO)

You have the right to revoke your consent at any time in the case of processing based on a consent. The revocation is valid from the time of its assertion. In other words, it works for the future. The processing does not become retroactively illegal by the revocation of the consent.

13.7 Complaint (Art. 77 DSGVO)

If you believe that the processing of personal data concerning you violates the DSGVO, you have the right of appeal to a supervisory authority. They may exercise this right before a supervisory authority in the EU Member State of their place of residence, of work or of the place where the alleged infringement is alleged.

13.8 Prohibition of automated decisions / profiling (Art. 22 DSGVO)

Decisions that have legal consequences for you or significantly affect you must not be based solely on automated processing of personal data, including profiling. I hereby inform you that I do not use automated decision making including profiling with regard to your personal data.

13.9 Opposition (Art. 21 DSGVO)

If I process your personal data on the basis of Art. 6 para. 1 lit. f DSGVO (to protect overriding legitimate interests), you have the right to object to this under the conditions set out in Art. 21 DSGVO. However, this only applies if there are reasons arising from your particular situation. After an objection, I will no longer process your personal data unless I can prove compelling reasons worthy of protection for the processing, which outweigh your interests, rights and freedoms. I also do not have to stop the processing if it serves to assert, exercise or defend legal claims. In any case - regardless of a particular situation - you have the right to object at any time to the processing of your personal data for direct advertising.

Last updated: May 2018