Privacy Policy
Processing of personal data in Time2Staff AS
Time2Staff privacy policy
This Privacy Policy provides information on how and why Time2Staff AS might collect, use, store, and process your personal data when using our services either by downloading and using the mobile application or engaging with us in any other related ways including sales, marketing, and any events as well as the purpose of the processes. The Data controller for the processing of personal data is Time2Staff AS, a company established and registered in Norway with organization number 924 543 450, address: Lien 79, 5057 Bergen, Norway, email: post@time2staff.com (for customer service inquiries, please contact support here). Internally responsible for following up on Data Protection is the CEO, Kristoffer Hagenes.
Time2Staff is established in Norway and adheres to the General Data Protection Regulation (GDPR). Time2Staff processes personal data relating to customers (workplaces) and jobseekers (staff) in addition to some individuals who have contacted Time2Staff. The different types of personal data processed, as well as the purpose of the processing, legal basis, and source are further described below.
Time2Staff’s customers and users
Time2Staff processes the following data for the purpose of providing our customers with the services they have used and/or are interested to use. When you visit, use, or navigate our services, we may process personal information depending on how you interact with Time2Staff AS and the services, the choices you make, and the products and features you use.
The personal information that we collect depends on the context of your interactions with us and the services, the choices you make, and the products and features you use. The personal information we collect may include the following:
​
-
Names
-
Phone numbers
-
Business names
-
Photo
-
Business area of activity
-
Email addresses
-
Mailing addresses
-
Job titles
-
Skills
-
Star ratings
-
Usernames
-
Passwords
-
Date of birth
-
Work experience
-
IP Address
Sensitive Information:
-
Geolocation
-
Absence reason
We process your information to provide, improve, and administer our services, communicate with you, for security and fraud prevention, and to comply with law. We may also process your information for other purposes with your consent. We process your information only when we have a valid legal reason to do so.
If you use our application(s), we also may collect the following information if you choose to
provide us with access or permission:
- Social Media Login Data. We provide you with the option to register with us using your existing social media account details, like your Facebook, and Google. You can also register using your Apple ID. The purpose of storing your social media login data is to facilitate login.
- Geolocation Information. We request access or permission to track and store location-based information from your mobile device, either continuously or while you are using our mobile application(s), to provide certain location-based services. If you wish to change our access or permissions, you may do so in your device's settings. The purpose of gathering and storing geolocation is to enable the staff to check-in and check-out from the shifts correctly and precisely.
- Absence reason. We store sick status data only when the app user provides us with that information as a reason to not show up at a shift or cancel a shift. Although we never request the jobseekers (staff) in the app to provide us with that sensitive information, if they choose to inform us that they are sick, we need to inform the workplace of this reason that the applicant (staff) is not able to work. The data is limited to only being sick or not and it is only about the user themselves.
- Mobile Device Access. We may request access or permission to certain features from your mobile device, including your mobile device's calendar, reminders, SMS messages, and other features. If you wish to change our access or permissions, you may do so in your device's settings.
- Mobile Device Data. We automatically collect device information (such as your mobile device ID, model, and manufacturer), operating system, version information and system configuration information, device and application identification numbers, browser type and version, hardware model Internet service provider and/or mobile carrier, and Internet Protocol (IP) address (or proxy server). If you are using our application(s), we may also collect information about the phone network associated with your mobile device, your mobile device's operating system or platform, the type of mobile device you use, your
mobile device's unique device ID, and information about the features of our application(s) you accessed.
- Push Notifications. We may request to send you push notifications regarding your account or certain features of the application(s). If you wish to opt-out from receiving these types of communications, you may turn them off in your device's settings. This information is primarily needed to maintain the security and operation of our application(s), for troubleshooting, and for our internal analytics and reporting purposes.
All personal information that you provide to us must be true, complete, and accurate, and you must notify us of any changes to such personal information by contacting Time2Staff support.
We automatically collect certain information when you visit, use, or navigate the services. This information does not reveal your specific identity (like your name or contact information) but may include device and usage information. such as your IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, location, information about how and when you use our
services, and other technical information. This information is primarily needed to maintain the security and operation of our services and for our internal analytics and reporting purposes.
The information we collect includes:
- Log and Usage Data. Log and usage data is service-related, diagnostic, usage, and performance information our servers automatically collect when you access or use our services and which we record in log files. Depending on how you interact with us, this log data may include your IP address, device information, browser type, and settings and information about your activity in the Services (such as the date/time stamps associated with your usage, pages, and files viewed, searches, and other actions you take such as which features you use), device event information (such as system activity, error reports (sometimes called "crash dumps"), and hardware settings).
- Location Data. We collect location data such as information about our device's location, which can be either precise or imprecise. How much information we collect depends on the type and settings of the device you use to access the Services. For example, we may use GPS and other technologies to collect geolocation data that tells us your current location (based on your IP address). You can opt out of allowing us to collect this information either by refusing access to the information or by disabling your Location setting on your device. However, if you choose to opt-out, you may not be able to use certain aspects of the services as the purpose of collecting this data is to count the shift hours precisely when staff arrive at a workplace and leave after a shift, and applicants cannot check in when they are further than a certain distance from the workplace.
We process your personal information for a variety of reasons, depending on how you interact with our services, including:
​
- To facilitate account creation and authentication and otherwise manage user accounts. We may process your information so you can create and log in to your account. as well as keep your account in working order.
​
- To send administrative information to you. We may process your information to send you details about our products and services, changes to our terms and policies, and other similar information.
​
- To request feedback and ensure service quality. We may process your information when necessary to request feedback and to contact you about your use of our services.
​
- To send you marketing and promotional communications. We may process the personal information you send to us for our marketing purposes if this is in accordance with your marketing preferences. It will be sent out to the users who consent to receive marketing and promotional information. You can opt out of our marketing emails at any time.
​
- To save or protect an individual's vital interest. We may process your information when necessary to save or protect an individual's vital interest, such as to prevent harm.
​
- We collect information regarding your location to enable the check-in and check-out feature and calculate the working hours which is necessary to pay the correct amount of salaries. You need to determine their geolocation when working at a place to enable us to accurately calculate your working hours.
​
- Curriculum Vitae, work experience, job title, skills, photo as the profile image, and star rating are used to help you get a job and quality assurance for the workplace. By showing your previous experiences, job descriptions, star ratings, and experiences we increase your chance of getting shifts.
​
- To monitor your working hours. You manually check your working hours on the app when they arrive and leave the workplace.
​
- Absence reason. We process this information only if you choose to provide us with it as we never ask for it. This is a special case when you give tell us you are sick as a reason to cancel a shift, and we are obligated to inform the workplace that their staff will not show up at the arranged shift due to sickness. Otherwise, no shows/cancellations with no strong reason result in suspension from the Time2Staff app. We do not keep this data longer than two weeks.
We may share information in specific situations described in this section and/or with the following third parties. Vendors, Consultants, and Other Third-Party Service Providers. We may share your data with third-party vendors, service providers, contractors, or agents ("third parties" and “data processors”) who perform services for us or on our behalf and require access to such information to do that work such as paying the salaries. We have contracts in place with our data processors, which are designed to help safeguard your personal information. We furthermore, made sure that all of our data processors and third parties are GDPR compliant. This means that they cannot do anything with your personal information unless we have instructed them to do it. They will also not share your personal information with any organization apart from us. They also commit to protect the data they hold on our behalf and to retain it for the period we instruct. The third parties and data processors we may share personal information with are as follows:
- Facebook advertising
Social Media Sharing and Advertising
- Facebook Login and Google Sign-In
User Account Registration and Authentication
- EasyFreelance AB
Invoicing and payment function
- User.com
CRM platform
- Gatewayapi.com
SMS Gateway
- CloudTalk
SMS and call support
- DigitalOcean
Hosting of database, API and web services
- Sendgrid
Dispatch of transaction emails
- Bamboora
Credit card payment processing
We also may need to share your personal information in the following situation(s):
- Business Transfers. We may share or transfer your information in connection with or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company. Any transfer of personal data is in accordance with law and GDPR rules and regulations.
We have organizational and technical processes and procedures in place to protect your personal information. However, no electronic transmission over the internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that hackers, cybercriminals, or other unauthorized third parties will not be able to defeat our security and improperly collect, access, steal, or modify your information, but we peruse the security lines to keep your data as secure as possible. Moreover, we would like to inform you that you, as the data subject, are the most important person to get notified in case of a data breach. Taking the GDPR articles into serious consideration, the notification will be sent out no longer than 72 hours.
We have Privacy Impact Assessment (PIA) and data mapping processes in place in addition to periodical technical measures such as anonymization and personal data encryption with a focus on confidentiality, Integrity, and Availability (CIA) of data. We continuously work toward having solid security measures in place and consider them seriously in our daily activities in each and every department.
Marketing
Time2Staff customers
Time2Staff processes the following personal data for the purpose of launching marketing campaigns and sending out surveys to improve our services and mobile applications as well as finding potential new customers based on similarities between the customer and the potential customer, using social media tools such as lookalike audience and similar:
-
Contact information: E-mail address, Name, Location (not precise/geolocation noise)
-
Activity History: The posted/applied and taken shifts through the Time2Staff app
The legal basis for the processing is consent from the data subject, which is voluntary to submit, and changeable at request. You have the right to request access to the personal information we collect from you, change that information, or delete it. To request to review, and update or delete your personal information by sending an email to privacy@time2staff.com or contacting Time2Staff support.
Visit the Time2Staff Code of Conduct.
We only process your personal information when we believe it is necessary and we have a valid legal reason (i.e., legal basis) to do so under applicable law, like with your consent, to comply with laws, to provide you with services to enter into or fulfill our contractual obligations, to protect your rights, or to fulfill our legitimate business interests.
The General Data Protection Regulation (GDPR) requires us to explain the valid legal bases we rely on in order to process your personal information. As such, we may rely on the following legal bases to process your personal information:
- Consent. We may process your information if you have given us permission (i.e., consent) to use your personal information for a specific purpose. You can easily and quickly withdraw or change and choose among the options in your consent at any time by going to your profile in the Time2Staff app.
- Performance of a Contract. We may process your personal information when we believe it is necessary to fulfill our contractual obligations to you, including providing our Services or at your request prior to entering into a contract with you
- Legitimate Interests. We may process your information when we believe it is reasonably necessary to achieve our legitimate business interests and those interests do not outweigh your interests and fundamental rights and freedoms. For example, we may process your personal information for some of the purposes described in order to:
- Send users information about special offers on services
- Understand how our users use our products and services so we can improve user experience
- To accurately calculate the working hours and pay you the exact amount of money
- Legal Obligations. We may process your information where we believe it is necessary for compliance
with our legal obligations, such as to cooperate with a law enforcement body or regulatory agency, exercise or defend our legal rights, or disclose your information as evidence in litigation in which we are involved
- Vital Interests. We may process your information where we believe it is necessary to protect your vital interests or the vital interests of a third party, such as in situations involving potential threats to the safety of any person.
How you can delete your data from our platform?
Time2Staff is committed to protecting the privacy of our users and ensuring the security of their personal information. In compliance with data protection regulations, we thoroughly delete all personal data that is not required by law. However, certain information, such as work history with Time2Staff, must be retained for legal purposes, such as tax reporting and compliance with labor laws.
To fulfill our legal obligations, we keep only the necessary data, which includes hours worked through our app. This information is crucial for tax authorities and other relevant agencies. In order to maintain our users’ privacy, we make sure that all retained data is anonymized, meaning that it cannot be traced back to individual users.
Rest assured that Time2Staff takes data protection seriously and employs stringent security measures to safeguard the information we hold. By adhering to these principles, we strive to create a secure and trustworthy environment for our users.
To delete your Time2Staff account, use the in-app deletion button or submit a deletion request here. Your account will be permanently deleted within 5 working days. This ensures a secure and GDPR-compliant removal of your personal data from our systems.
Your rights under GDPR
​
-
Requesting information about the processing of personal data and access to the data
-
Rectification and deletion of inaccurate or incorrect data
-
Restriction of processing
-
Objecting to processing
-
Data portability
-
Being forgotten
Complaints
​
If you are not satisfied with Time2Staff’s processing of personal data or have questions or inquiries concerning Time2Staff’s processing of personal data, please write to the following address: Lien 79, 5057 Bergen, Norway or email us at post@time2staff.com.
Data subjects may also file a complaint by contacting the Data Protection Authority in Norway or if the customer is resident elsewhere in Europe their local data protection authority.
​
​
​
Last update 28.04.2023