Privacy Policy

Last updated: January 2025

1. Introduction

TimeClock 365 is a cloud-based workforce management platform. This privacy policy explains how we collect, use, store, and protect personal data related to our clients (organizations), end users (employees), and website visitors.

We distinguish between three roles:

Clients: Organizations that subscribe to TimeClock 365 and control their employees' data. Clients determine the purposes and means of processing employee data.
End Users: Employees whose attendance is tracked using TimeClock 365. Their data is processed on behalf of and under the instructions of the client organization.
Visitors: Anyone who visits our website at timeclock365.com.

2. Who We Are

TimeClock 365 Ltd.
Hod HaSharon, Israel
Email: support@timeclock365.com
Phone: 03-7300000

For EU-related inquiries: gdpr@timeclock365.com

3. Data We Collect

From End Users (Employees)

Identification: name, employee ID, date of birth, photo
Contact: email address, phone number
Location: GPS coordinates at time of punch-in/out
Work data: clock-in/out times, working hours, project time, overtime
Biometric: fingerprint and face data remain on the local device; only timestamps and employee IDs are transmitted to TimeClock 365 servers

From Clients (Organizations)

Company name, address, billing information
Administrator account credentials
Organizational structure (departments, teams, managers)

From Website Visitors

IP address, browser type, pages visited (via cookies and analytics)
Form submissions (demo requests, contact forms)

4. How We Use Data

We process personal data for the following purposes:

Service delivery: To provide time tracking, attendance reports, and access control functionality
Legal compliance: To support clients' compliance with labor law attendance recording requirements
Support: To diagnose issues and provide customer support
Product improvement: Aggregate, anonymized analytics to improve system performance
Marketing (with consent): Newsletters and product updates to clients who opt in

6. Security

TimeClock 365 is ISO 27001 certified for information security management. Security measures include:

Encryption in transit: TLS 1.2+
Encryption at rest: AES-256
Hosting: Microsoft Azure (EU and US regions)
Access controls: Role-based, least-privilege
Regular security audits and penetration testing

7. Data Retention

Attendance records are retained for the duration of the client contract plus the legally required period (varies by country). Upon contract termination, data is deleted within 90 days or exported to the client on request.

8. Your Rights

Depending on your location, you may have the following rights:

Access: Request a copy of your personal data
Correction: Request correction of inaccurate data
Deletion: Request deletion (subject to legal retention requirements)
Portability: Receive your data in a machine-readable format
Objection: Object to certain types of processing

Note for employees: Your employer (the client) is the data controller for your attendance data. For access or correction requests, contact your HR or payroll team first.

9. Cookies

Our website uses cookies for:

Essential: Session management, security (cannot be disabled)
Analytics: Usage statistics (opt-out available)
Marketing: Ad performance (opt-out available via cookie banner)

You can manage cookie preferences via the cookie banner or your browser settings.

10. Contact

For privacy questions or to exercise your rights:

Email: support@timeclock365.com
GDPR: gdpr@timeclock365.com
Phone: 03-7300000
Address: TimeClock 365 Ltd., Hod HaSharon, Israel

We respond to all privacy requests within 30 days.