GDPR and data security
at TimeOff.Management

‍

Introduction:The General Data Protection Regulation (GDPR) is a significant legislative change in European data protection laws, becoming enforceable on May 25, 2018. It aims to strengthen the security and protection of personal data in the EU, and acts as a single piece of legislation for all EU countries.

‍

‍Data Location:All data is stored in the UK, on DigitalOcean platform. Please refer to the DigitalOcean GDPR FAQs for further information.

‍

‍Data Usage:We will never sell your data.

‍

‍Data Protection:We utilize advanced encryption technologies to encrypt all data passing through our TimeOff.Management services during transmission. We use HTTPS to encrypt all data transmitted between you and our services. We also enforce HSTS to ensure that your initial request to our site is also secure. Data can be deleted within the application or the entire account can be deleted.

‍

‍Data Export:At TimeOff.Management, we believe in putting our users in control of their data. That’s why we’ve built in backup and reporting tools that allow you to export your data in CSV format, and if you need to, permanently erase it.

‍

‍Responsible Data Handling and Storage:We minimize the amount of data we collect and store, ensuring that every piece of data is backed by a justifiable reason. We have implemented strict policies for data retention, and personal data is deleted as soon as it is no longer necessary.

‍

‍Automated Infrastructure Monitoring:Our infrastructure is constantly monitored through automated tests to ensure it is always up and running, providing 100% availability. This allows us to regularly evaluate and assess the effectiveness of our measures in maintaining our system’s resilience and reliability.

‍

‍Secure User Identification and Authorization:To ensure maximum security, passwords for signing in are hashed and salted using a PBKDF2-based function in accordance with the recommendations of the UK’s National Cyber Security Centre. This means that passwords are securely stored and protected from potential breaches.

‍

‍Payment Handling:All payments are handled exclusively by PayPal, and TimeOff.Management does not store any payment information.

‍

‍Support:If you have any questions or concerns about security, please do not hesitate to contact our support team. We are always here to help clarify any uncertainties and provide you with peace of mind.

‍

TimeOff.Management application is hosted on DigitalOcean plantform

Data is stored in data centre in UK. DigitalOcean conducted an extensive analysis of their operations to ensure compliance with the requirements of the GDPR before it went into effect. Please check their FAQs regarding GDPR here.

‍

Payments are process by PayPal.

All payment processing is done by Paypal. Please check their Privacy policy here.

‍

Data is transferred using HTTPS and encrypted at rest.

When data in transferred it is encrypted using HTTPS.

‍

Passwords are encrypted.

Passwords are encrypted with a 1 Way Salt. But please make sure that you create a strong password. It is a good idea to check your password using a password checker tools.

‍

Report security issue.

Please use our contact us form to raise any issue. We will do our best to replay asap.

‍

‍GDPR gives you new protection rights and assures better access to your personal data.

Right to rectification: Rectify your personal information at any time from your account settings. You can also contact us directly to do so.
‍

Right to be forgotten: Cancel your TimeOff.Management subscription and close your account at any time. Once you delete your account all data will be erased and can not be reinstated.
‍

Right to portability: Data can be exported from application at any time.
‍

Right to object: If you would like to object how your data has been used please get in touch using our contact us forms.
‍

Right of access: You can contact us at any time to access and modify any of your personal data.

‍

Sub-contractors.
Under the GDPR, a sub-processor is any business which may process your data as a side effect of using the TimeOff.Management service.

Sub-contractor

Purpose

DigitalOcean

Cloud hosting

Mailgun

Email distribution

Anonymised statistical data

‍