We, the Timqo Time s.r.o. company, are located at Za farou 844/15, 154 00, Prague 5, Czech Republic, ID. No. 07267932, registered in the Commercial Register of the Municipal Court in Prague, Section C, insert 298069 (“Timqo”), and we are the controller or processor of your personal data. Because we care about your privacy, we have enacted this Privacy Policy to explain to you what information we may collect about you, how we use this information, under what circumstances we may disclose the information to third parties, how long we can retain such information, why we process it and what your rights are in respect of this information.

This Privacy Policy applies to the services we offer (“Service”; “Services”) and provide in the Timqo app on our website at https://timqo.com (“Website”). This Privacy Policy applies only to personal information we process through our Services and Website and does not apply to any processing of personal data by third parties we may cooperate with.

Should you enter the personal data of other individuals into the Timqo app on the Website or should any such individuals (for example users who may be your employees) enter personal data themselves and they are not the contracting party to Timqo's Terms and Conditions agreement, such personal data shall be processed by Timqo as the processor and you, as the contracting party to the Terms and Conditions shall be the data controller. In such instances, the terms for the processing of personal data by Timqo as the processor as outlined in Annex 1 of this policy shall apply.

The Information that Timqo collects

We collect and process your personal data, including information that directly or indirectly identifies you. This includes your account information, use of the service and other personal data that may be collected automatically while you use the Service.

Privacy Policy for Registered Users

This Privacy Policy applies to customers who decide to create an account in the Timqo app, both as free and paid users.

Timqo as a Controller and Processor of Personal data

Timqo is the ”controller” of the personal data described in details below.

In some cases however, Timqo can also act as the “processor” of personal data. Within the Timqo app, users work inside virtual spaces called "Organisations". In these spaces, various data can be entered, recorded, used or otherwise manipulated. Every Organisation has one particular user identified in the Organisation as the “Organisation Owner”, who has legal control over, and is responsible for the personal data contained within that Organisation. This user is also the ”controller” of all of the personal data contained within the Organisation. Timqo processes this data on behalf of the Organisation's Owner and thus Timqo is in this case considered o be the ”processor” of that personal data. In such instances, the Terms for the processing of personal data by Timqo as the processor as outlined in Annex 1 shall apply.

The Information Timqo Collects as a Controller of Personal Data

A. Information about you and your account

Certain information about your user account, such as your user name, actual name, password and other login information needs to be collected in order to provide you with access to the Service, and to ensure the functionality of your user interface.

To set up your account, you will need to provide us with some basic information about you such as your name, email address, and password. You will then have the ability to provide optional profile information, such as an address or a photograph, however this optional information is not required. You provide it to us to improve your user experience and your work with the data inside the Service.

B. Information Processed While Using the Service

While you use the Service, we process information about how you use and interact with the Service. Such information includes:

• Log files – when you use the Service, our servers automatically record information in server log files. These log files may include information such as your web requests, IP address, browser type and settings, referring/exit pages and URLs, number of clicks, date and time stamp information, language preferences, data from cookies and similar technology as well as other information.
• Location information – we collect and process general information about he location of the device from which you access the Service (e.g., approximate geographic location derived from an IP address). In order to provide our core Services, we need to track your location, however we do not track your device location when you are not using Timqo.
• Cookies and analytics information - we use cookies and collect statistics about the usage of our Service and Website. You can learn more about how we use cookies in our Cookie Policy.

C. Payment and Subscription Information

When you decide to subscribe to one of the Service's paid tiers, you will be required to provide us with your payment information, such as a credit card number or billing information. Where you do provide us with your credit card information, we use industry compliant third party payment services and we do not store your credit card information on our Website. We do however store and process your billing information.

D. Information from third party integrations

You can sign up and log on to Timqo using third party products and services such as Facebook, Google, or Apple (collectively, “Third Party Accounts”). if you access the Service through a Third Party Account, we will collect information that you have agreed to make available such as your name, email address, profile information and preferences. This information is collected by the Third Party Account provider and is provided to us subject to their privacy policies. You can generally control the information that we receive from these sources using the privacy settings inside your Third Party Account.

E. Other Information

You may provide us with information and personal data when you interact with us in other ways, such as when you submit requests or questions to us via forms or email (e.g., support forms, sales forms, user survey forms), beta testing, and requests for customer support and technical assistance.

We also process your personal information within the scope of the Service you ordered from us, and the particulars of the contract which you have entered in to with us.

Why we use and process your personal data

We process your personal data for several reasons. Each of these reasons must have a legal basis for the processing to be done so that such processing of personal data is lawful.

Contract fulfilment and actions taken before entering in to a contract

We use and process your personal data to operate and enable for you the Service, to process payments, provide support related to the Service or to communicate with you. We do all that to provide you with our Service at the highest quality.

Our legitimate interests

We also use the information and personal data we collect to analyse, develop and improve our Services as well as to market and promote our Services. This enables us to gain insights in to how our Services are used, which may also help us improve our Services. Such processing is necessary for the purpose of the legitimate interests pursued by Timqo.

our legitimate interests enable us to adapt our Service to your needs and also to take steps to enforce or defend our legal claims.

Our obligations

We also process your personal information for legal reasons, where we need to comply with our legal obligations, for example those which arise from a law or a regulation concerning taxation, accounting, financial reporting, prevention of terrorism or money laundering, or judicial or administrative processes.

We use marketing

In emails which we send to you, we may use certain analytics tools, such as clear GIFs, to capture data such as an action to open or click on any link. This data allows us to gauge the effectiveness of our communications and marketing campaigns. if you do not want us to contact you, you may inform us of this via our contact details below. You can also opt out by following the instructions located at the bottom of any commercial (or business) emails we send you. Please note that some emails and communications such as operational and service related emails are not for marketing and business purposes, but are important in order for the Service to operate and thus you may not opt out from receiving them.

Information about our use of cookies can be found in our Cookie Policy.

If you have entered in to a contract with us or if you have created a user account on our Website and thus you are a user of our Services, we are entitled to send you our newsletters for the period of 3 years unless you unsubscribe directly via the link in such newsletters. We are authorised to do this in context with our legitimate interests.

Sharing Information

We may share the information we process with third parties as follows:

• Service Providers - we may provide access to or share your information with select third parties that use the information to only perform services on our behalf. These third parties provide a variety of services for us, including data storage, security, payment processing and order completion, marketing, analytics as well as other services. These service providers have access only to the information necessary to perform these limited functions on our behalf and are required to protect and secure your information.
  These providers include:
  • Amazon Web Services - AWS is a provider of various computing services. You can learn more about AWS privacy practices.
  • Google Analytics - Google Analytics is a service that tracks and reports website traffic. For more information on the privacy practices of Google, please visit Google Privacy & Terms web page.
  • Adyen - Adyen is a payment provider. We use it to securely process your payments. You can review their Privacy Policy.
• Public authorities - We may provide your personal information to public authorities if it is in our interest to do so or if a public authority asks for your personal information.

Aggregating De-Identified Data

We may aggregate and/or de-identify information that you make available to us in connection with our Services in an anonymous format, so that such information can no longer be linked to you or your device. We may use it publically or share it with third parties, including partners, affiliates, services providers, and others.

Data retention

We will retain your personal information for the period necessary to fulfil the requirements outlined in this Policy unless a longer retention period is mandatory or permitted by law. Nevertheless, you can rest assured that we will only retain your personal information for the period necessary and  to the extent reasonably required. the period we will retain your personal information is outlined as follows:

• For the period we provide you with our Services
• For the period necessary to protect our rights or the period necessary to determine, exercise and defend our legal rights (up to 4 years)
• For the period of our subsequent possible legitimate interests (up to 4 years)
• For the period required by legal regulations (up to 10 years)

How We Protect your Personal Information

We take technological and organisational measures to protect your personal information against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access.

Your Rights

as a data subject, you have all the rights under the GDPR (General Data Protection Regulation), and specifically:

• the right to obtain confirmation from us as to whether or not your personal data has been processed, and, where that is the case, to be given access to the personal data and additional information such as the purpose of the data processing, the categories of personal data concerned and the recipients or categories of recipients to whom the personal data has been or will be disclosed as per Article 15 of the GDPR;
• the right to have inaccurate personal data concerning you corrected as per Article 16 of the GDPR;
• the right to  have personal data in specific circumstances which are set out Article 17 of the GDPR erased, for example in situations where the personal data is no longer required in connection with the purpose for which it was collected or otherwise processed;
• the right to obtain restrictions to data processing in certain circumstances as set out in Article 18 of the GDPR, for example, where you contest the accuracy of the personal data which has been processed;
• the right to receive your personal data which you have provided to us, in a structured, commonly used, and machine readable format and  to disseminate this data to another controller without hindrance from us in such circumstances as are set out in Article 20 of the GDPR;
• the right to object to the processing of your personal data based on legitimate interests pursued by  us (within the meaning of Article 6(1)(f) of the GDPR) or  to the processing of data for direct marketing purposes, pursuant to Article 21 of the GDPR.

to exercise your rights, please contact us at the following e-mail address: support@timqo.com

Changes to our Privacy Policy

We reserve the right to amend this Policy at any time to reflect changes in the law, our data collection and usage practices, the features of our Service or advances in technology. We will make the revised Policy accessible on our Website. if we make a material change to the Policy, we will notify you of this.

Contact info

Questions or comments about this Privacy Policy may be submitted to us via  email at support@timqo.com or by mail to the address below:

Annex 1

TERMS For the DATA PROCESSING AGREEMENT

Timqo Time s.r.o., residing at Za  farou  844/15, 154  00, Prague  5, Company Identification No.: 07267932, incorporated in the Companies Register kept by the Municipal Court in Prague, Section C, Insert 298069 (hereinafter referred to as the „Provider”, “Timqo” or “Data Processor”) provides the Timqo app.

1. Definitions

1. the following terms shall have the meanings set out below:

• the "Customer” or “Data Controller” is the individual who enters in to an agreement with Timqo for the provision of its Service;
• the “User” is the user of the Service
• "Personal Data" is any Personal Data processed by the Provider on behalf of the Customer pursuant to or in connection with the Service;
• "GDPR" means EU General Data Protection Regulation 2016/679;
• "Services" means the Timqo app service;
• "Subprocessor" means any person appointed by or on behalf of the Provider to process Personal Data on behalf of the Customer in connection with the Principal Agreement.
• “Contract” is the agreement between Timqo and the Customer for the provision of the Service.

2. the terms, "Data Subject", "Personal Data", "Personal Data Breach", and "Processing" shall have the same meaning as in the GDPR, and their related terms must be interpreted accordingly.

2. Processing of Customer Personal Data

1. Timqo processes Personal Data for the Customer in accordance with the Customer's instructions and both parties enter in to this Data Processing Agreement in order to regulate their mutual rights and obligations.

2. Personal Data will be used or otherwise Processed only to provide the Service, which includes such needs which are connected with the provision of the Service.

3. the Provider shall Process Personal Data only following receipt of documented instructions from the Customer, including in matters dealing with  the transfer of Customer Personal Data to a third country or an international organisation, unless already required to do so by EU or relevant Member State legislation to which the Provider is subject, in which case the Provider shall to the extent permitted by applicable laws inform the Customer of that legal requirement before the relevant Processing of that Personal Data, unless that particular legislation prohibits such information to be provided on important grounds of public interest.

4.the type of Customer Personal Data to be Processed: the User's name, the User's title, their position, the User's employer and any other Personal Data contained in the content created by Users of the Service.

5. the categories of Data Subjects to whom the Customer Personal Data relates: the Customer's employees, the Customer's agents, the Customer's advisors, independent clients of the Customer (who are natural persons) and other subjects mentioned in the content created by users of the Service.

6.the Provider shall immediately inform the Customer if, in its opinion, the Customer's instructions infringe on GDRP or other EU or Member State data protection provisions.

7. the Customer acts as a controller or processor of personal data based on the nature of the Data processing involved. if the Customer is a processor, the Customer warrants that the Customer's instructions and actions with respect to the Customer's Personal Data, including its  appointment of the Provider as processor, have been authorised by the relevant administrator

3. the Provider's Staff

1. the Provider shall take reasonable steps to ensure the trustworthiness of any employee of the Provider who may have access to the Personal Data, and will ensure that all such individuals are subject to confidentiality undertakings, or statutory obligations of confidentiality.

4. Security

1. Taking in to account current circumstances, the costs of implementation and the nature, scope, context and purpose of Processing as well as the risks of varying expectations and importance of the rights and freedoms of natural persons, the Provider shall implement appropriate technical and organisational measures in relation to Customer Personal Data to ensure a level of security appropriate to that risk, including, as appropriate, the measures referred to in Article 32 of the GDPR.

2. in assessing the appropriate level of security, the Provider will take in to account in particular the risks that are present with Processing, specifically from a Personal Data Breach.

5. Subprocessing

1. the Customer authorises the Provider to appoint (and permits each Subprocessor appointed  in accordance with this Section 5 to appoint) Subprocessors in accordance with this Section 5.

2. the Provider may continue to use Subprocessors which have been used previously.

3. the Provider shall give the Customer prior written notice of the appointment of any new Subprocessor, including full details of the Processing to be undertaken by the Subprocessor. if  the Customer notifies the Provider in writing of any objections (on reasonable grounds) to the proposed appointment of the new Subprocessor within 7 days of receipt of that notice, the Provider shall not appoint (or disclose any Customer Personal Data to) that proposed Subprocessor until reasonable steps have been taken to address the objections raised by the Customer and the Customer has been provided with a reasonable written explanation of the steps taken.

4. with respect to each Subprocessor, the Provider shall respect the conditions referred to in Article 28 (2) and (4) of the GDPR for engaging another Subprocessor.

6. the Rights of Data Subjects

1. Taking in to account the nature of the Processing, the Provider shall assist the Customer by implementing appropriate technical and organisational measures, insofar as this is possible, to fulfil the Customer's obligations to respond to requests to exercise Data Subjects' rights as set out in Chapter III of the GDPR.

2. the Provider undertakes to:

• promptly notify the Customer if it receives a request from a Data Subject under any Data Protection Legislation in respect of Personal Data; and
• not respond to that request except on the documented instructions of the Customer or as required by applicable legislation which the Provider is subject to, in which case the Provider shall to the extent permitted by the applicable legislation inform the Customer of that legal requirement.

7. Personal Data Breach

1. the Provider is required to notify the Customer without undue delay upon becoming aware of a Personal Data Breach affecting Personal Data and  to provide the Customer with reasonable information.

2. the Provider is required to co-operate with the Customer and take such reasonable steps as are directed by the Customer for the purpose of investigating, mitigating and remediating any such Personal Data Breach.

8. Personal Data Protection Impact Assessment and Prior Consultation

1. the Provider shall provide reasonable assistance to the Customer with any personal data protection impact assessments, as well as any prior consultations with supervising authorities or other competent data privacy authorities which the Customer reasonably considers to be required of them by Article 35 or 36 of the GDPR or any other legislation regarding the protection of Personal Data. in each case these shall be solely in relation to the processing of Personal Data, and will take in to account the nature of the Processing and information available to the Provider.

9. Deletion or return of Personal Data

1. Subject to Paragraphs 9.2 and 9.3 of this agreement, the Provider shall promptly, and in any event within 30 days of the date of termination of the Service involving the Processing of Personal Data (the "Termination Date"), delete all copies of that Personal Data.

2. Subject to Paragraph 9.3 of this agreement, the Customer may in their absolute discretion by notifying the Provider in writing within 14 days of the Termination Date, require the Provider to (a) return a complete copy of all Personal Data to the Customer by secure file transfer; and (b) delete all other copies of Processed Personal Data.

3. the Provider may retain Personal Data to the extent required by EU or relevant Member State legislation which requires storage of personal data and only to the extent and for such a period as is required by applicable EU or relevant Member State legislation.

10. Audit rights

1. Subject to Section 10.2 of this agreement, the Provider shall make available to the Customer upon request, all information necessary to demonstrate compliance with the GDPR and shall enable and contribute to audits, including inspections, by the Customer or an auditor authorised by the Customer in relation to the Processing of Personal Data.

2. the Customer shall give the Provider at least one (1) month's prior notice of any audit or inspection to be carried out in accordance with Section 10.1 of this agreement and shall make (and ensure that each of the Customer's authorised auditors makes) reasonable endeavours to avoid causing disruption to the Provider's business in the course of such an audit or inspection.