Data Processing Agreement
GDPR Article 28 — Compliant DPA
What Is a DPA?
Under GDPR Article 28, if you use TimeClock 365 to process personal data of EU employees, you are required to have a Data Processing Agreement (DPA) in place with us as your data processor.
The DPA defines the roles and responsibilities of TimeClock 365 (processor) and your organization (controller), and ensures both parties comply with GDPR obligations.
Key Points of Our DPA
- TimeClock 365 processes employee data only on your documented instructions
- Sub-processors are listed and subject to equivalent obligations
- EU employee data is hosted on Microsoft Azure EU data centers
- Data breach notification within 72 hours
- Data deletion or return upon contract termination
- Security measures: ISO 27001 certification, encryption, access controls
Request Your DPA
Contact our compliance team to request the current DPA document or to initiate a signed DPA for your organization:
Email: gdpr@timeclock365.com
Phone: 03-7300000
We respond to DPA requests within 5 business days.
ISO 27001 Certified
Our information security management system is independently audited and certified to ISO 27001 standard.
EU Data Residency
EU employee data is stored exclusively on Microsoft Azure data centers within the European Union.
GDPR Ready
Full Data Processing Agreement available. Sub-processor list maintained and updated. Breach notification process in place.