blank
Need to Chat?
Have questions or need help finding some info?
Chat Now

Data Management, Inc. Global Data Privacy Policy

Effective June 1, 2018

Data Management, Inc. (“DMI”), maker of TimeClock Plus, is a Workforce Management (WFM) provider that processes a vast amount of Personal Data. We process the personal data of our Clients’ employees on behalf of our Clients and of our business contacts. In order to provide the highest level of data protection, DMI has adopted the provisions of this Global Data Privacy Policy (“Privacy Policy”) for processing Client employee data and business contact data. In addition, DMI has implemented policies for processing Personal Data of DMI employees.

Please read this Privacy Policy carefully to learn how we collect, use, and otherwise process information relating to individuals ("Personal Data"), and your rights and choices regarding our processing of your Personal Data.

Data Management, Inc. Privacy Policy for Business Contacts

This Privacy Policy explains how DMI, (hereinafter "we", "our"), use and disclose Personal Data that we collect from Individuals who visit our websites and otherwise engage with us in business activities. This Privacy Policy also incorporates DMI's Privacy Policy for Business Data, which includes detailed information about how we processes data of our Business Contacts and the commitments we have made to protect that data. If you have additional questions about privacy please contact us at Privacy@TimeClockPlus.com.

For information on how DMI protects the Personal Data we process for Clients, please see the DMI's Privacy Policy for Client Employees.

1. Types of Personal Data

This Privacy Policy explains our practices with regard to Personal Data collected by DMI for its own Business Purposes. Personal Data is any information that can be used to identify, locate or contact you. Some examples of Personal Data collected directly by DMI include:

  1. If you express an interest in obtaining additional information about our services, request customer support, use our "Contact Us" or similar features, sign up for an event or webinar, or download certain content, we generally require you to provide us with your contact information, such as your name, job title, company name, address, phone number, or email address;
  2. If you makes purchases of our products or register for an event, we may also require you to provide us with financial information and billing information, such as billing name and address, credit card number, or bank account information;
  3. If you attend an event, we may, upon your consent, scan your attendee badge which will provide us with your name, title and company name, address, country, phone number and email address;
  4. If you use our products we may ask you to provide a first name, last name, username, and password;
  5. If you use and interact with our website or products, we automatically collect log files and other information about your device and your usage of our website and products through cookies, web beacons or similar technologies, such as IP-addresses or other identifiers, which may qualify as Personal Data (view the "What device and usage data we process" section below); and
  6. If you visit our offices, you may be required to register as a visitor and to provide your name, who you are visiting, company name, and time and date of arrivals.

 

    1. We may also collect information about you from other sources, including third parties from whom we have purchased Personal Data, and combine this information with Personal Data provided by you. This helps us to update, expand and analyze our records, identify new customers, and create more tailored advertising to provide services that may be of interest to you. In particular, we collect the following data from third party sources:

 

  1. Business Contact information, including mailing address, job title, email address,  phone number, 'intent data' which is web user behavior data, IP addresses, social handles, LinkedIn URL and custom profiles from third party data providers for the purposes of targeted advertising, delivering relevant email content, event promotion, and profiling.

Personal Data also includes other information that may be associated with your Personal Data.

2. How DMI Collects Personal Data

In most cases, we collect Personal Data directly from you. We will ask you for Personal Data when you interact with us, such as registering on our websites, signing up to receive a newsletter, making a purchase, signing up to receive marketing communications, or to provide DMI with services, goods or products. We may collect additional information from Third Party data suppliers who enhance our files and help us better understand our contacts.

If you interact with us online, we use cookies, web beacons, and other technological tools to collect information about your computer and your use of our website and applications. We treat this information as Personal Data when it is associated with your contact information. For more information about cookies and other technologies, please see the section Cookies and Other Data Collection Technologies below.

3. How DMI uses Personal Data

DMI uses your Personal Data for the following Business Purposes:

  1. Personal Data pertaining to Professionals with whom DMI has a business relationship may be processed as needed:

 

  1. To initiate, assess, develop, maintain, or expand a business relationship, including negotiating, contracting, and fulfilling obligations under contracts;
  2. For due diligence regarding the Individual's qualifications and eligibility for the relationship, including verifying the identity, qualification, authority, and creditworthiness of the Professional and obtaining publicly-available information from Third Parties (such as publicly-available sanction lists from screening companies); 
  3. To send transactional communications (such as requests for information, responses to requests for information, orders, confirmations, training, and service updates); 
  4. For account management, accounting, finance, and dispute resolution purposes (such as accounts receivable, accounts payable, account reconciliation, cash management, or money movement) and for consolidated management and reporting; 
  5. To assure quality control and to enforce company standards and policies; 
  6. For risk management and mitigation, including for audit and insurance functions, and as needed to license and protect intellectual property and other assets; 
  7. For security management, including monitoring Individuals with access to DMI's websites, applications, systems, or facilities, investigation of threats, and as needed for any Data Security Breach notification; and
  8. To anonymize or de-identify the Personal Data.

 

  1. Personal Data pertaining to Consumers and other Individuals with whom DMI has a business relationship may be processed as needed:

 

  1. To provide the information, product, or service requested by the Individual, and as would be reasonably expected by the Individual given the context in which the Personal Data were collected, and the information provided in the applicable privacy statement given to the Individual (such as for personalization, remembering preferences, or respecting Individual rights);
  2. For due diligence, including verifying the identity of the Individual, as well as the eligibility of the Individual to receive information, products, or services (such as verifying age, employment, or account status);
  3. To track job applicants for the purposes of recruiting, interviewing, and onboarding;
  4. To send transactional communications (such as requests for information, responses to requests for information, orders, confirmations, training materials, and service updates); 
  5. To manage the Individual's account, such as for customer service, finance, and dispute resolution purposes;
  6. For risk management and mitigation, including for audit and insurance functions, and as needed to license and protect intellectual property and other assets, 
  7. For security management, including monitoring Individuals with access to DMI's websites, applications, systems, or facilities, investigation of threats, and as needed for any Data Security Breach notification; and 
  8. To anonymize or de-identify the Personal Data.

 

  1. DMI may process Personal Data as needed (i) to protect the privacy and security of the Personal Data it maintains, such as in connection with advanced security initiatives and threat detection; (ii) for treasury operations and money movement activities; (ii) for compliance functions, including screening Individuals against sanction lists in connection with anti-money laundering programs; (iv) for business structuring activities, including mergers, acquisitions, and divestitures; and (v) business activities, management reporting, and analysis.
     
  2. DMI may process Personal Data to develop and improve DMI's products and/or services, and for research, development, analytics, and business intelligence.
     
  3. DMI may process Personal Data for relationship management and marketing. This purpose includes sending marketing and promotional communications to Individuals who have not objected to receiving such messages as may be appropriate given the nature of the relationship, such as product and service marketing, investor communications, Client communications (e.g., compliance alerts, product updates, and training opportunities and invitations to DMI events), customer satisfaction surveys, supplier communications (e.g., requests for proposals), corporate communications, and DMI news.
     
  4. DMI uses your Personal Data for Secondary Purposes such as:

 

  1. Disaster recovery and business continuity, including transferring the information to an Archive;
  2. Internal audits or investigations;
  3. Implementation or verification of business controls;
  4. Statistical, historical, or scientific research;
  5. Dispute resolution;
  6. Legal or business counseling;
  7. Compliance with laws and company policies; and
  8. Insurance purposes.

 

  1. DMI uses systems to store and process your Personal Data such as:

 

  1. Customer Relationship Management System (CRM);
  2. Applicant Tracking System (ATS);
  3. Mass Marketing Email Tools;
  4. Workforce Management Application (WFM);
  5. Technical Support Ticketing System;
  6. Project Management Tool;
  7. Email and Email Archive Servers;
  8. Phone Call Recording Application;
  9. Public Forums (Online Communities and Social Media);
  10. Instant Messaging Applications; and
  11. Relational Databases.

4. Why and How Personal Data is Disclosed by DMI

DMI commits to not provide your Personal Data to Third Parties for their own marketing purposes. We limit our sharing of your Personal Data to:

    1. Our service providers, who are bound by law or contract to protect your Personal Data and only use your Personal Data in accordance with our instructions.
    2. Our business partners, but only to the extent you have purchased product or service from such partner, interacted with such partner, or otherwise authorized the sharing. For example, if you are referred to DMI from a business partner website, we may provide that partner with your contact information and certain economic and financial information to validate the referral.
    3. Enforce our rights, protect our property, or protect the rights, property or safety of others, or as needed to support external auditing, compliance and corporate governance functions. We will also disclose Personal Data when required to do so by law, such as in response to a subpoena, including to law enforcement agencies and courts in the United States and other countries where we operate.

Please note that we may also use and disclose information about you that is not personally identifiable. For example, we may publish reports that contain aggregated, anonymized and statistical data about our Clients. These reports do not contain information that would enable the recipient to contact, locate or identify you. These reports also do not contain identifiable company information.

5. Cookies and Other Data Collection Technologies

When you visit our website or use our mobile applications, we collect certain information by automated means, using technologies such as cookies, pixel tags, browser analysis tools, server logs and web beacons. For example, when you visit our website, we place cookies on your computer.

Cookies are small text files that websites send to your computer or other Internet-connected device to uniquely identify your browser or to store information or settings in your browser. Cookies can contain and/or automatically collect information, such as a user identification code or IP address, which a website will use to track the pages and number of times you have visited, allowing us to recognize you when you return. They also help us provide a customized experience and enable us to detect certain kinds of fraud. The data read from these cookies may be linked to personally identifying (PII) and non- personally identifying (non-PII) information.  In many cases, you can manage cookie preferences and opt-out of having cookies and other data collection technologies used by adjusting the settings on your browser. All browsers are different, so visit the "help" section of your browser to learn about cookie preferences and other privacy settings that may be available.

We and our partners use cookies and similar technologies on the website to personalize and optimize your browsing experience and the Website by:

  1. Providing you tailored content and advertisements (see below for more information);
  2. Enabling social media features;
  3. Safeguarding against spam and malware;
  4. Analyzing trends, traffic, and user behavior;
  5. Administering the website;
  6. Gathering demographic information about our user base as a whole;
  7. Tracking web and advertising analytics throughout the Website and its affiliate websites;
  8. Remembering your preferences and voluntarily-submitted information (e.g. custom video playlists, preferences, job title, story ratings, membership status);
  9. Performing location-related functionalities and analytics;
  10. Participating in market research (e.g., website ratings); and
  11. Educating ourselves about how we can continue to improve the Website and its various elements.



Cookies fall into the subcategories below.

  1. Essential Cookies. Certain cookies are used for specific purposes that are essential to your secure use and navigation of the website. Without them, DMI may not be able to provide core website functions and features to you, and the website would not operate as well as you or DMI would like. These cookies collect and use information such as your server preferences, single- session data and corresponding identifier, web beacons and log files (detailed below), and other credential-related information. For EU individuals, essential cookies also help inform DMI whether you require, or have already been served, an affirmative consent request in connection with the GDPR. Essential cookies include analytics cookies, which provide us data that allows DMI to better understand its users and improve the Website based on what we have learned from that data.
  2. Preference Cookies. Other cookies are used to collect and process information about your preferences and similar choices in connection with the website in order to optimize your browsing.  Preference cookies include social media cookies, which collect information about your social media usage and other data you may have provided in connection with such usage (if you access the website through a social media website or mobile application, you may have social media cookies). If you wish to modify or change your social media cookies, please visit and review the settings on your applicable social media account(s).
  3. Advertising Cookies. To help support the website and further tailor your experience, DMI and its advertising partners (and/or their third party analytics providers) also use cookies on the website to personalize the content and advertisements you may be shown. These Third Party advertising companies place advertisements on our website and other websites, and perform tracking and reporting functions for our website and other websites. These Third Party advertising companies may place cookies on your computer when you visit our website or other websites so they can display targeted advertisements to you. These Third Party advertising companies do not collect Personal Data in this process, and we do not give Personal Data to them as part of this process. This Privacy Policy does not cover the collection methods or use of the information collected by these vendors. For more information about Third Party advertising, please visit the Network Advertising Initiative (NAI) at www.networkadvertising.org.  You may opt out of being targeted by many Third Party advertising companies by visiting http://bit.ly/2Ig9IgT or http://preferences.truste.com/truste/


DMI uses Google Analytics as a Third Party vendor. For information on how Google Analytics uses data, please visit "How Google uses data when you use our partners sites or apps", located at http://bit.ly/2jXZ13Y.

We encourage you to consider keeping your cookies enabled, as if you choose to disable the receipt of cookies from our website, you may not be able to use or benefit from certain features of the website, particularly the features that are designed to personalize your experience.

Most web browsers automatically accept cookies, but generally allow users to modify their browser settings to display a warning before accepting a cookie, to accept cookies only from certain websites, and/or to refuse all cookies.

Pixel tags and web beacons are tiny graphic images placed on website pages or in our emails that allow us to determine whether you have performed a specific action. When you access these pages or open or click an email, the pixel tags and web beacons generate a notice of that action. These tools allow us to measure response to our communications and improve our web pages and promotions.

In many cases, the information we collect using cookies and other tools is only used in a non-identifiable way, without reference to Personal Data. For example, we use information we collect about website users to optimize our websites and to understand website traffic patterns. In some cases, we do associate the information we collect using cookies and other technology with your Personal Data. This Privacy Policy applies to the information when we associate it with your Personal Data.

Although our website does not currently have a mechanism to recognize the various web browser Do Not Track signals, we do offer Individuals choices to manage their preferences that are provided in the previous sections above. We do expect our Third Party adverting partners to use reasonable efforts to respect browser Do Not Track signals by not delivering targeted advertisements to website visitors whose browsers have a Do Not Track setting enabled. However, we understand that some companies do not have this capability today. To learn more about browser tracking signals and Do Not Track please visit http://www.allaboutdnt.org/.

6. Mobile Applications

DMI offers mobile applications that allow you to access aspects of your Personal Data, interact with our product and receive notifications via your mobile device. Personal Data collected by DMI via our mobile applications is protected by the terms of this Privacy Policy or our Privacy Policy for Client Employees, as applicable.

7. Communication Preferences

You may limit the information you provide to DMI. You may also limit the communications that DMI sends to you. To opt-out of commercial emails, simply click the link labeled "unsubscribe" at the bottom of any email we send you. Additionally, you may opt-in or opt-out of communications by calling us at +1 (325) 223-9500.

Please note that if you are currently receiving services from DMI and you have decided to opt-out of promotional emails, this will not impact the messages we send to you for purposes of delivering such services.

If you have questions about your choices or if you need assistance with opting-out, please contact us via email to Privacy@TimeClockPlus.com. You may also write us at the address in the How to Contact Us section below. If you send us a letter, please provide your name, address, email address, and information about the communications that you do not wish to receive.

8. Review, Correction, Erasure, and Other Individual Rights

DMI respects your right to review, correct, and delete your Personal Data, or object to the processing of your Personal Data. You may contact Privacy@TimeClockPlus.com to request access to your data, and to exercise any of the individual rights afforded to you by DMI's Privacy Policy for Business Data, or by applicable data protection laws and regulations. You may also write to us at the address in the How to Contact Us section below. If you send us a letter, please provide your name, address, email address, and detailed information about the changes you would like to make. DMI will receive, investigate, document, and respond to requests as soon as possible (30 days under GDPR) and in accordance with applicable data protection laws and regulations. These data subject requests will be documented in our ticketing system using relevant information which include name of the requestor, date of request, date and body of response(s) and any supporting documentation. In cases where the request cannot be fulfilled by DMI, any third-party processing relevant data will be contacted and notified of the required correction and/or erasure; however taking into consideration some instances where it may not be possible to complete the request because the third-party is no longer in business or it was acquired by another company and the effort would be disproportionate or impossible.

Although rights to data erasure are honored, in some cases such requests maybe denied under the following grounds such as the data is still needed for processing, the data subject gave consent but has not withdrawn consent; there has been a previous processing objection that has been granted; the data was processed lawfully, or there is a not a legal requirement to delete the data.  However, even if one of these five grounds are valid, DMI may still reject the request if it needs access to the data to comply with a law, defend a legal claim or for research/historic/scientific purposes (a).

Finally when a request necessitates data to be exported as part of fulfilling a subject's inquiry, Comma delimited files (CSV) will be generated by DMI unless otherwise not possible in which case a suitable alternative maybe presented.

9. Information Security

DMI is committed to maintaining the appropriate organizational, technical, and physical controls to protect Personal Data entrusted to DMI. These controls protect Personal Data from the anticipated threats and hazards as well an unauthorized access and use. In each case, DMI will strive to provide security that is proportional to the sensitivity of the Personal Data being protected, with the greatest effort being focused on protecting Sensitive Personal Data and other Personal Data whose compromise could result in substantial harm or inconvenience to the Individual.

Please note that you should also take steps to protect yourself, especially online. When you register a DMI product, choose a strong password, and do not use the same password that you use on other sites. Do not share your password with anyone else. DMI will never ask you for your password in an unsolicited phone call or in an unsolicited email. Also remember to sign out of the product and close your browser window when you have finished your work. This is to ensure that others cannot access your Personal Data and correspondence if others have access to your computer.

10. Data Retention

DMI will only retain your information for as long as necessary for the Purposes for which the Personal Data is processed. DMI has implemented a Data Retention Policy and has established records retention schedules for all types of Personal Data that DMI processes. Personal Data is retained in accordance with the records retention schedules to ensure that records containing Personal Data are retained as needed to fulfill the applicable Business Purposes, to comply with applicable laws, or as advisable in light of applicable statutes of limitations. When the retention period has expired, records containing Personal Data will be securely deleted or destroyed, de-identified, or transferred to archive, in accordance with DMI's Data Retention Policy.

11. Prohibition of International Data Transfers

DMI is headquartered in the United States of America. Your Personal Data may be stored and processed by DMI in the United States but will not be shared, transferred, or stored outside of the United States.

12. Privacy Statements of Third Parties

This Privacy Policy only addresses the use and disclosure of information by DMI. Our Suppliers, Business Partners, and other Third Party websites that may be accessible through our TimeClockPlus.com website have their own privacy statements and data collection, use and disclosure practices. We encourage you to familiarize yourself with the privacy statements provided by Third Parties prior to providing them with information or taking advantage of an offer or promotion.

This Privacy Policy does not address non-affiliated Third Party websites or services that may collect your Personal Information and attempt to sell your Personal Information to DMI.  Examples of these websites and services include software advice websites, tradeshow attendee list resellers, and others.  We encourage you to familiarize yourself with the privacy statements provided by Third Parties prior to providing them with information or taking advantage of an offer or promotion.

13. Forums, Product Reviews and Other Public Areas

Our websites, including social media, may provide forums and other public areas where you may communicate with others and publicly post information. Prior to posting in these areas, please read the Terms of Use carefully. The information you post may be accessible to anyone with Internet access, and Personal Data you include in your posting may be read, collected, and used by others. For example, if you post your email address on a forum or in a public area, you may receive unsolicited messages from Third Parties. Please use caution when posting Personal Data.

14. Job Applicants

If you have applied for employment with DMI, the Personal Data submitted with your job application will be added to our applicant tracking system and used for recruitment and other customary human resources purposes in accordance with our DMI Applicant Privacy Policy. In addition we have determined we have a legitimate interest performing recruiting activities which involve data subjects applying for a job posting in order to be considered for a position in our company.

Upon assessment it is deemed that the rights and freedoms of the data subjects are not overridden during the process of gathering applicant's information for the purposes of finding qualified candidates. Also individuals submitting a job application do so as part of the application for employment process.

We conclude that legitimate interest is therefore the most appropriate basis for collecting and processing data subject information as part of the HR recruitment process and we understand the responsibility to protect the individual's interest.

The processing is necessary and there is no less intrusive manner to proceed and we only use the data in reasonably expected ways. Also it is not used in a way that could cause harm. We will ensure opt out option is always available in addition to the commitments made under the data retention policy in the global data privacy policy. Finally we maintain and keep record of our legitimate interest assessment as part of the justification process.

DMI respects your right to review, correct, and delete your Personal Data, or object to the processing of your Personal Data. You may contact Privacy@TimeClockPlus.com to request access to your data, and to exercise any of the individual rights afforded to you by DMI's Privacy Policy for Business Data, or by applicable data protection laws and regulations. You may also write to us at the address in the How to Contact Us section below. If you send us a letter, please provide your name, address, email address, and detailed information about the changes you would like to make. DMI will receive, investigate, document, and respond to requests as soon as possible and in accordance with applicable data protection laws and regulations.

15. Withdraw of Consent

DMI respects your right to withdraw consent to collect and process your Personal Data.  You may contact Privacy@TimeClockPlus.com to request access to your data, and to exercise any of the individual rights afforded to you by DMI's Privacy Policy for Business Data, or by applicable data protection laws and regulations. You may also write to us at the address in the How to Contact Us section below. If you send us a letter, please provide your name, address, email address, and detailed information about the changes you would like to make. DMI will receive, investigate, document, and respond to requests as soon as possible and in accordance with applicable data protection laws and regulations.

16. Your California Privacy Rights: Notice to California Customers

If you are a California resident, California's "Shine the Light" law, Civil Code sections 1798.80 - 1798.84, includes provisions for securing and disposing of Personal Data, notifying you of a breach of your Personal Data, and for responding to requests by you asking about the businesses' practices related to disclosing Personal Data to Third Parties for the Third Parties' direct marketing purposes. In accordance with this Privacy Policy, DMI complies with California Civil Code sections 1798.80 - 1798.84.  DMI does not share your Personal Data with Third Parties for the Third Parties' direct marketing purposes. For more information about your rights under California's Civils Code sections 1798.80 - 1798.84 please visit https://leginfo.legislature.ca.gov.

17. Individuals Located in the European Economic Area (EU Data Subjects)

In addition to the rights already listed in this Privacy Policy under Section 8, you also have the right to data portability, as well as the right to be notified of automated decision making or profiling related to your Personal Data.

18. Changes to this Privacy Policy

From time to time, we may update this Privacy Policy to reflect new or different privacy practices. We will place a notice online when we make material changes to this Privacy Policy.

19. How to Contact Us

Please contact us if you have questions, or comments, at Privacy@TimeClockPlus.com. You may reach us via mail at address below. If you send us a letter, please provide your name, address, email address, and detailed information about your question, comment, or complaints. Letters can be sent to:

Data Management, Inc.
Attn: Legal
1 Time Clock Dr.
San Angelo, TX 76904; USA

20. How to Lodge a Complaint

If you believe that DMI has not handled your Personal Data properly or that it has breached its privacy obligations, under any applicable data protection laws or the DMI Privacy Policy for Business Data, you may file your complaint in writing to the address above, or via email, to DMI at Privacy@TimeClockPlus.com. DMI will receive, investigate, and document each complaint and respond to the Individual within a reasonable timeframe of the outcome of the investigation.  If you are not satisfied with the results of the investigation by DMI, you may lodge a complaint directly with the designated Data Protection Officer.

By Email:
Data Protection Officer

By Mail:
Data Management, Inc.
Attn: Data Protection Officer
1 Time Clock Dr.
San Angelo, TX 76904; USA

EU Data Subjects See Section Entitled Data Management, Inc. Privacy Policy for Human Resources & Client Data Processing for EU Data Subjects.

References:

  1. https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation- gdpr/individual-rights/right-to-erasure/

 

Data Management Inc. Privacy Policy for Business Data


1. Introduction

DMI has adopted a Global Data Privacy Policy ("Privacy Policy") as a legally binding set of internal rules to be recognized by the European Union (EU) Data Protection Authorities (DPAs).  The Privacy Policy ensures a consistent approach to privacy and data protection across DMI.

2. Scope and Applicability

The DMI Privacy Policy for Business Data indicates the commitments DMI has implemented for Processing Personal Data pertaining to those Individuals with whom DMI has a business relationship (e.g., Individuals who represent DMI's Clients, Suppliers and Business Partners, other Professionals, and Consumers) and other Individuals whose Personal Data are processed by DMI in the context of its business activities as a Data Controller.

3. Implementation

The effective date of the DMI Privacy Policy for Business Data is June 1, 2018. DMI will implement the DMI Privacy Policy for Business Data across the relevant DMI Departments within six (6) months of the effective date.

4. DMI Business Data Policy Principles

The DMI Privacy Policy for Business Data is based on a set of data protection principles outlined below.

    1. Business Purposes for Processing Personal Data

Personal Data may be processed by DMI in the context of its business operations for one or more of the following Business Purposes:

  1. Business Purposes for Processing Personal Data pertaining to Professionals:

 

  1. Business relationship management;
  2. Business relationship due diligence;
  3. Transactional communications;
  4. Account management;
  5. Quality control;
  6. Risk management;
  7. Security management; and
  8. Anonymize or de-identify Personal Data.

 

  1. Business Purposes for Processing Personal Data pertaining to Consumers and other Individuals:

 

  1. Provide requested information, products or services;
  2. Due diligence;
  3. Transactional communications;
  4. Account management;
  5. Risk management;
  6. Security management; and
  7. Anonymize or de-identify Personal Data.

 

  1. Business-necessary Processing activities.

 

  1. Protect privacy and security;
  2. Troubleshooting of products and services;
  3. Compliance;
  4. Business structuring activities; and
  5. Reporting and analysis.

 

  1. Development and improvement of products and/or services; and
     
  2. Relationship management and marketing.

4.2 Use for Other Purposes

Personal Data may be processed for a secondary purpose, similar to the legitimate Business Purpose, provided appropriate additional measures are taken. It is generally permissible to Process Personal Data for the following purposes (even if not listed as a Business Purpose), provided appropriate additional measures are taken:

  1. Disaster recovery and business continuity, including transferring the Information to an Archive;
  2. Internal audits or investigations;
  3. Implementation or verification of business controls;
  4. Statistical, historical, or scientific research;
  5. Dispute resolution;
  6. Legal or business counseling;
  7. Compliance with laws and company policies; or
  8. Insurance purposes.

4.3 Purposes for Processing Special Categories of Data

The following Special Categories of Data may be processed by DMI for the purposes specified below:

  1. Special Categories of Data revealed by Photographic Images. Photographic images and video recordings may be processed for security, compliance and other legitimate Business Purposes, such as participating in video conferences.
  2. Racial or ethnic data. DMI may Process racial and ethnic data as needed to facilitate affirmative action, supplier diversity, and other inclusion programs.
  3. Criminal data (including data relating to criminal behavior, criminal records, or proceedings regarding criminal or unlawful behavior). DMI may Process criminal data as needed to conduct appropriate due diligence on Individuals (employees, partners, and contractors) and in connection with security and compliance activities as needed to protect the interests of DMI.
  4. Physical or mental health data. DMI may Process physical or mental health data as needed to accommodate a person's disability or dietary needs, address emergency health needs, or in similar circumstances.
  5. Biometric data (such as fingerprints). DMI may Process biometric data for the protection of DMI and Staff assets, time and attendance, system and site access, security and fraud prevention reasons.
  6. Religion or beliefs. DMI may Process data pertaining to religion or beliefs as needed to meet an Individual's specific needs, such as accommodating dietary requests (for kosher or halal meals) or respecting religious holidays.

Special categories of data may be processed for any other legitimate purpose, if DMI obtains the prior explicit consent of the Individual.

5. Quantity and Quality of Data

DMI has established and implemented retention schedules so that records containing Personal Data are only retained as needed to fulfill the applicable Business Purposes, to comply with applicable legal requirements, or as advisable in light of applicable statutes of limitations.  For more information see our Data Retention Policy.

Personal Data should be accurate, complete, and kept up-to-date to the extent reasonably necessary for the applicable Business Purposes. It is the responsibility of Individuals to ensure that their Personal Data is accurate, complete, and up-to-date.

6. Individual Rights of Access, Rectification and Objection

Individuals have the right to request a copy of the Personal Data maintained by or on behalf of DMI unless otherwise prohibited by law. If the personal data is incorrect, incomplete, or not processed in compliance with applicable law or the DMI Privacy Policy for Business Data, the Individual has the right to have the personal data rectified, restricted, or erased (as appropriate) unless otherwise prohibited by law.

Additionally, Individuals have the right to object to a) the Processing of their Personal Data on the basis of compelling grounds related to their particular situation, or b) receiving direct marketing communications (opting-out). Restrictions may be lifted if DMI temporarily restricted processing based on one or more of the following grounds such as dispute about data accuracy, dispute about lawfulness of processing, DMI is in the process of reviewing an objection request, and the basis for restriction has been resolved; the data subject will also be notified about the removal of the restriction via email or mail. In addition once a restriction has been implemented, processing can only resume if explicit consent is granted by the data subject or if the data subject initiates a requests to lift the original restriction and there is no conflict with applicable laws and regulations.

Information around the process for submitting an Individual Rights Request can be found in Article 8 of the DMI Privacy Policy for Business Contacts.

7. Security and Confidentiality Requirements

DMI has implemented commercially reasonable and appropriate technical, physical, and organizational measures to protect Personal Data from misuse or accidental, unlawful, or unauthorized destruction, loss, alteration, disclosure, acquisition, or access.

Access to Personal Data will be authorized only to the extent necessary to serve the applicable Business Purposes and DMI Staff with access to Personal Data will be subject to background screenings, confidentiality obligations, and routine data privacy training.

DMI shall investigate all known or suspected Data Security Breaches and shall document the facts relating thereto as part of a coordinated effort along with its Cybersecurity insurance policy provider, its effects and the remedial actions taken. DMI working in conjunction with its Cybersecurity insurance policy provider shall notify Individuals of a Data Security Breach within a reasonable period of time as documented in our Incident Response and Breach Notification Policy and  following determination of such Data Security Breach if (a) the Individual is at a high risk of harm as a result of the Data Security Breach or, (b) (even if the Individual is not at a high risk of harm), if an applicable breach notification law requires Individual notification. DMI complies with all applicable regulatory requirements for any breach notification and have contracted the services of qualified third-party providers to perform incident response and required breach notifications through a comprehensive Cybersecurity insurance policy.

While DMI takes all reasonable and practical steps to mitigate the risk to individuals, individuals may be subject to risks related to identify theft or fraud, damage to reputation, loss of confidentiality.

8. Direct Marketing

DMI respects the choices of Individuals and provides Individuals the choice to opt-in and opt-out of direct marketing. DMI will send direct marketing materials if the Individual has provided opt-in consent or if Applicable Law permits DMI to send marketing communications without explicit consent based on an existing business relationship.

9. Transfer of Personal Data to Third Parties and Internal Processors

DMI may transfer Personal Data to a Third Party and to Internal Processors to the extent necessary to serve the applicable Business Purposes. DMI will only transfer Personal Data to a Third Party or to an Internal Processor if a written contract has been entered into with DMI ensuring that the same level of data protection will be applied as described in the DMI Privacy Policy for Business Data.  Third Parties may include:

  1. Commercial Data Centers;
  2. Customer Relationship Management System (CRM);
  3. Applicant Tracking System (ATS);
  4. Mass Marketing Email Tools;
  5. Workforce Management Applications (WFM);
  6. Technical Support Ticketing System;
  7. Project Management Tools;
  8. Email and Email Archive Servers;
  9. Public Forums (Online Communities and Social Media); and
  10. Instant Messaging Applications.

10. Governance

DMI's privacy program is managed by DMI's Vice President of Operations and the Legal team. DMI has implemented a Data Privacy Committee comprised of the Vice President of Operations, all Privacy Stewards, and the Data Protection Officer, who is in charge of privacy compliance within their respective states, countries, Business Units, or Functional areas.

Privacy Stewards are Executives who have been appointed by DMI senior leaders to implement and enforce compliance with DMI's Privacy Policy within their respective Business Units or Functional areas.

11. Training

All DMI Staff with access to or responsibilities for Processing Personal Data are required to complete annual Data Privacy Training through DMI's Learning Management System.

12. Monitoring and Audit

DMI audits business processes and procedures that involve the Processing of Personal Data for compliance with the DMI Privacy Policy for Business Data on a regular basis. Additionally, DMI will allow its Processing facilities to be audited by the Lead DPA and DPAs of an EEA Country, as defined in the DMI Privacy Policy for Business Data.

The Global Chief Privacy Officer shall produce an annual report for the DMI Executive Committee on compliance with the DMI Privacy Policy for Business Data, privacy, data protection risks, and other relevant issues.

13. Complaints Procedure

Individuals covered by the DMI Privacy Policy for Business Data may file a written complaint if they suspect that DMI has violated the commitments made in the DMI Privacy Policy for Business Data, as further defined in the DMI Privacy Policy for Business Data.

Complaints must be submitted in writing to DMI. Complaints may be submitted via email to Privacy@TimeClockPlus.com or via mail to:

Data Management, Inc.
Attn: Legal
1 Time Clock Dr.
San Angelo, TX 76904; USA

Individuals may also file a complaint or claim with the relevant DPAs or the Courts.

EU Data Subjects See Section Entitled Data Management, Inc. Privacy Policy for Human Resources & Client Data Processing for EU Data Subjects.

 

Data Management Inc. Privacy Policy for Client Employees


DMI's Global Data Privacy Policy applies to all affiliates and employees worldwide. The Global Data Privacy Policy helps us ensure that Personal Data is handled properly. The Global Data Privacy Policy governs Personal Data collected by DMI for its own purposes as well as information provided to us as a processor for our Clients. It protects information collected online as well as offline. DMI is committed to protecting the privacy and security of Personal Data that we process in order to provide services to our Clients. We receive Personal Data from our Clients about their current, prospective and former employees as well as employee emergency contacts and family members. This Privacy Policy explains our practices with regard to the Personal Data we receive from our Clients as a processor.

1. DMI Collection and Processing of Client Employees' Personal Data

DMI will collect and process your Personal Data only as instructed or permitted by our Client (your employer) or you. DMI maintains appropriate security controls to protect your information.

For our Client employees located in the European Economic Area and in Switzerland, DMI has established a Global Data Privacy Policy for Client data processing services as required by the European Union Data Protection Authorities.

DMI will disclose your personal data to your employer and to other entities when instructed by your employer. Examples of other entities include payroll processors, benefits administration providers, enterprise resource planning vendors, and others.  We may disclose your personal data to our affiliates and third party processors as needed to provide the services that you and your employer have requested. These entities are contractually bound to limit the use of your personal data as needed to perform the services. We will also disclose personal data when required to do so by law, such as in response to a subpoena, including to law enforcement agencies and courts in the United States and other countries where we operate.

If you have questions about your privacy rights, please contact your employer's human resources department.

2. Types of Personal Data DMI Processes for Clients

DMI processes information about you from Clients for whom we store and process Personal Data.  This data helps our Clients collect and analyze both demographic and time and attendance data for the management of their workforce.  In particular, we process the following Personal Data for Clients:

  1. Personal Demographic Data includes username, password, first name, last name, address, email, phone number, job title, employee ID, taxpayer ID, gender, date or birth, hire date, termination date, language preference, payroll classification, employment classification, pay rates, work schedules, employment contracts, and labor union affiliation; and
  2. Personal Activity Data includes clock-in time, clock-out time, clock-in location, clock-out location, leave requests, including vacation, sick, and other third party defined leave reasons, leave accruals, FMLA cases, and hours worked.

2. International Data Transfers

Where authorized by your employer, DMI will transfer personal data pertaining to individuals located outside of the United States to our affiliates and suppliers in the United States, as permitted by the DMI Privacy Policy for Client Data Processing and pursuant to applicable data protection laws.  Therefore, your Personal Data may be processed outside the European Economic Area ("EEA"), and in countries which are not subject to an adequacy decision by the European Commission and which may not provide for the same level of data protection in the EEA. In this event, we will ensure that such recipient offers an adequate level of protection, for instance by entering into standard contractual clauses for the transfer of data as approved by the European Commission (Art. 46 GDPR), or we will ask you for your prior consent to such international data transfers. 

3. Sensitive Personal Data

In the ordinary course of its business, DMI processes sensitive personal data on behalf of your employer, such as social security numbers and dates of birth. DMI has implemented reasonable technical, physical and administrative safeguards to help protect the sensitive personal data from unlawful use and unauthorized disclosure. All DMI employees and contractors are required to follow these established procedures, both online and offline. Access to sensitive personal data is limited to those employees and contractors who have a need to access the information to perform tasks for DMI. DMI will only disclose sensitive personal data to those service providers, auditors, and/or advisors who are legally or contractually obligated to protect them or as required or permitted by law.

4. How to Lodge a Complaint (European Economic Area (EEA) and Switzerland Client Employees only)

Client employees located in the EEA and Switzerland, as a third party beneficiary, may file a complaint in respect of a claim they have for violation of the DMI Privacy Policy for Client Data Processing or applicable law, by contacting DMI at Privacy@TimeClockPlus.com.  DMI's Data Protection Officer will receive, investigate, and document each complaint and respond to the Individual within a reasonable timeframe of the outcome of the investigation. 

By Email:
Data Protection Officer
DPO@TimeClockPlus.com

By Mail:
Data Management, Inc.
Attn: Data Protection Officer
1 Time Clock Dr.

San Angelo, TX 76904; USA

For more information on how to submit a complaint under the Privacy Shield Frameworks, please refer to the section entitled Data Management, Inc. Privacy Shield Privacy Policy for Data Transferred to the United States from the EU/Switzerland.


5. Questions about Your Personal Data

DMI is committed to transparency. We want individuals to understand how we collect and use personal data so they may interact with DMI with confidence. The materials provided in the Privacy Policy may help you find the information you need about privacy at DMI. If you have questions related to the content of this Privacy Policy, please contact us at Privacy@TimeClockPlus.com. As an employee of a DMI Client, please reach out to your employer for more information regarding the collection and processing of your Personal Data.

 

Data Retention Policy


1. Purpose

In accordance with applicable law, which makes it a crime to alter, cover up, falsify, or destroy any document with the intent of impeding or obstructing any official proceeding, this policy provides for the systematic retention and destruction of Personal Data collected by DMI in connection with the transaction of business and day to day operations.

This policy covers all Personal Data regardless of physical form, including email, and contains guidelines for how long certain documents should be kept and how records should be destroyed. The policy is designed to ensure compliance with laws and regulations, to limit accidental or innocent destruction of records, and create consistency in the destruction of outdated documents.

2. Personal Data Retention (All Medias)

DMI targets the document retention procedures outlined below. Documents that are not listed, but are substantially similar to those listed in the schedule are retained for the associated length of time. 

2.1 Corporate Records

  • Contracts                                                                                                             7 years after termination
  • Correspondence (general)                                                                            3 years

2.2 Legal, Insurance and Safety Records

  • Insurance Policies (with Additional Name Insured)                             Permanent
  • Leases                                                                                                                   6 years after termination
  • Contracts                                                                                                             7 years after termination
  • Safety Records                                                                                                   Permanent

2.3 Accounting and Corporate Tax Records

  • Annual Audits and Financial Statements                                                 Permanent
  • IRS 990 Tax Returns                                                                                         Permanent
  • Business Expense Records                                                                            7 years
  • Journal Entries                                                                                                   7 years
  • Invoices                                                                                                                7 years
  • Sales Records (box office, concessions, gift shop)                                5 years
  • Petty Cash Vouchers                                                                                       3 years
  • Cash Receipts                                                                                                     3 years
  • Credit Card Receipts                                                                                        3 years
  • Electronic Fund Transfer Documents                                                        7 years

2.4 Payroll and Employment Tax Records

  • Payroll Registers                                                                                               Permanent
  • State Unemployment Tax Records                                                             Permanent
  • Earnings Records                                                                                              7 years
  • Garnishment Records                                                                                     7 years
  • Payroll Tax Returns                                                                                          7 years
  • W-2 Statements                                                                                                7 years

2.5 Employee Records

  • Employment and Termination Agreements                                           Permanent
  • Retirement and Pension Plan Documents                                               Permanent
  • Records Relating to Promotion, Demotion or Discharge                   7 years after termination
  • Accident Reports and Worker's Compensation Records                   5 years
  • Employment Applications                                                                             3 years
  • I-9 Forms                                                                                                             3 years after termination
  • Time Cards                                                                                                          2 years
  • Biometric Information                                                                                    1 year

2.6 Client Records

  • Contact Information (email, phone number, address)                       Permanent
  • Correspondence (phone call, email, mail)                                               3 years
  • Sales Notes                                                                                                         Permanent
  • Marketing Campaign Notes                                                                          Permanent
  • Technical Support Notes                                                                                Permanent
  • Implementation Project Notes                                                                    Permanent
  • Active Client Data (employee records)                                                     Permanent
  • Inactive Client Data (employee records)                                                  30 to 45 days after termination
  • Service Contracts                                                                                              7 years after termination

3. Electronic Documents and Records

Electronic documents are to be retained as if they were paper documents, without duplicating the effort when a hardcopy of the same documents exist.  Our policy for general correspondence generated by DMI email is to archive it and eventually destroy it according to the schedule herein. Backup and recovery methods are reviewed on an annual basis.  Where possible, and as the business operation allows, we will make reasonable efforts to reduce hardcopy generation of documents by attempting to convert to a more paperless operation.

 

Data Management Inc. Biometric Information Privacy Policy


1. Introduction

DMI has instituted the following policy related to the information that is collected and transmitted to DMI as a result of DMI Client's use of biometric timeclocks or timeclock attachments, as well as for use internally to authenticate DMI employees for time and attendance and human resource purposes. 

2. Biometric Information

Biometric Information collected by DMI includes biological traits unique to individuals and Biometric Identifiers as defined in the Illinois Biometric Information Privacy Act, 740 ILCS 14/1, et seq., or as may be defined in any other applicable local laws that govern the collection, use, storage or disclosure of biometric data. "Biometric Identifier" means a biological trait, including retina or iris scan, fingerprint, voiceprint, or scan of hand or face geometry. "Biometric Information" means any information, regardless of how it is captured, converted, stored, or shared, based on an individual's Biometric Identifier used to identify an individual.  The capture of such Biometric Information creates a Biometric Identifier in the form of a numeric value which can be stored and used to authenticate the identity of a person while using our products.  This numeric value cannot be reverse engineered to reproduce a likeness of your fingerprint.

3. Client's Responsibilities

Clients are responsible for maintaining their own data collection, disclosure, retention, and storage policies as may apply to them under applicable law.  To the extent required by law, Clients will obtain written authorization for the Client, DMI, and/or the licensor of DMI time and attendance software to collect, retain, and use biometric data from each employee prior to collection of such data. Biometric data will be used solely for identification and fraud prevention.

While the use of Biometric Information is not mandatory to use our products, Clients may encourage employees to participate in biometric authentication.  By voluntarily performing the enrollment process, offering your Biometric Information for capture, you consent to the resulting and subsequent use of your Biometric Information with our products.

DMI Clients agree that, in light of the developing nature of the legal requirements that may apply to biometric timeclocks, or timeclock attachments, to the extent that they use biometric timeclocks or timeclock attachments in jurisdictions where applicable law so requires, they must:

  1. Inform the employee in writing that biometric data is being collected, stored, and used;
  2. Indicate the specific purpose(s) for collecting the biometric data and length of time for which it is being collected, stored, and used; and
  3. Receive a written release from the employee (or his or her legally authorized representative) of the biometric data authorizing the Client, DMI and/or the licensor of DMI time and attendance software to collect, store, and retain the employee biometric data utilized by the timeclocks, or timeclock attachments, and authorizing the Client to provide such data to DMI and the licensor of DMI time and attendance software.

4. Disclosure and Sharing of Biometric Information

DMI will not sell, lease or trade any Biometric Information that it receives from its Clients as a result of their use of biometric timeclocks, or timeclock attachments.  Biometric Information will not be used for any purpose other than that described here.

DMI will not disclose or disseminate any Client's employee's Biometric Information to any person or entity other than the Client and the licensor of DMI time and attendance software without/unless:

  1. First obtaining the Client's employee's written consent;
  2. Disclosure is required by state, federal law or other applicable local law; or
  3. Disclosure is required pursuant to a valid warrant or subpoena.

5. Retention Schedule

DMI will retain the Client's employee's Biometric Information until the Client notifies DMI that it has terminated the employee in the Client's timekeeping systems, or has otherwise discontinued using a biometric timeclocks, or timeclock attachments with respect to that employee. When DMI receives notification that either a Client's employee's employment has been terminated, or the Client has discontinued using biometric timeclocks, or timeclock attachments with respect to that employee, the employee's Biometric Information will be removed from the product. 

6. Biometric Data Storage

DMI will use a reasonable standard of care to store, transmit and protect from disclosure any paper or electronic Biometric Information collected, and shall store, transmit, and protect from disclosure all Biometric Information in a manner that is the same as or more protective than the manner in which DMI stores, transmits, and protects other Personal Data that can be used to uniquely identify an individual or an individual's account or property, such as genetic markers, genetic testing information, account numbers, PINs, driver's license numbers, and social security numbers.

 

Data Management, Inc. Privacy Policy for Human Resources & Client Data Processing for EU Data Subjects

1. Introduction

DMI has adopted the provisions of this Global Data Privacy Policy ("Privacy Policy") for processing Client employee data and business contact data.  In addition, DMI has implemented policies for processing Personal Data of DMI employees. This Privacy Policy is intended to be a legally binding set of internal rules that ensure a consistent approach to privacy and data protection.

The DMI Privacy Policy for Client Data Processing indicates the commitments DMI has implemented for the processing of personal data pertaining to Client employees by DMI, in connection with providing Client services and Client support activities.

2. Scope and Applicability

The DMI Privacy Policy for Client Data Processing addresses the processing of personal data of Client employees by DMI in its role as a data processor for Clients in the course of delivering Client services, where such personal data are:

  1. Subject to EEA Applicable Law;
  2. Collected originally in the context of the activities of an EEA establishment of a Client;
  3. Subject to EEA Data Transfer Restrictions;
  4. Processed by DMI outside the EEA in a country which has not been deemed to provide an adequate level of data protection by competent EEA institutions; and
  5. Processed pursuant to a Service Agreement that specifically provides that the DMI Privacy Policy for Client Data Processing shall apply to such personal data.

2. Implementation

The effective date of the DMI Privacy Policy for Business Data is June 1, 2018. DMI will implement the DMI Privacy Policy for Business Data across the relevant DMI Departments within six (6) months of the effective date.

3. DMI Privacy Policy for Client Data Processing Principles

The DMI Privacy Policy for Client Data Processing is based on a set of data protection principles outlined below.

3.1 Data Processing Purposes

DMI shall Process Client Data on behalf of the Client, only in accordance with the Service Agreement, pursuant to any documented instructions received from the Client, or as needed to comply with Applicable Law.

DMI processes personal data (including Special Categories of Data) pertaining to Client employees as needed to provide Client services, Client support activities, as required by EEA applicable law and for the following additional purposes:

  1. Hosting, storage, and other processing needed for business continuity and disaster recovery;
  2. System and network administration and security, including infrastructure monitoring, identity and credential management, verification and authentication, and access control;
  3. Monitoring and other controls needed to safeguard the security and integrity of transactions;
  4. Enforcing contracts and protecting DMI, its employees, Clients, Client employees, and the public against theft, legal liability, fraud, or abuse; and
  5. Approved DMI internal business processes.

Upon termination of the Service Agreement, DMI shall fulfill its obligations to the Client with regard to the returning the data and securely destroying the data, subject to EEA applicable law.

4. Security Requirements

DMI has implemented commercially reasonable and appropriate technical, physical, and organizational measures to protect Client Data from misuse or accidental, unlawful, or unauthorized destruction, loss, alteration, disclosure, acquisition, or access during the Processing, which will meet the requirements of EEA Applicable Law, or any stricter requirements, as imposed under the Service Agreement.

Access to Client Data will be authorized only to the extent necessary to serve the applicable Data Processing Purposes and requirements of the Service Agreements. DMI staff with access to Client data will be subject to background screenings, confidentiality obligations, and routine data privacy training.

DMI shall coordinate efforts with its Cybersecurity insurance policy provider to notify the Client of a data security breach without undue delay after becoming aware that such a breach has occurred as documented in our Incident Response and Breach Notification Policy, unless a law enforcement official or supervisory authority determines that notification would impede a criminal investigation, or cause damage to national security or a breach of trust in the relevant industry sector.

5. Transparency to Client Employees

DMI shall promptly notify the Client of requests or complaints related to the Processing of Personal Data by DMI that are received directly from Client employees without responding to such requests or complaints, unless otherwise provided in the Service Agreement or instructed by the Client. To facilitate employers fulfilling Data Subject Requests via the software application the following actions are implemented and available: access, information, restriction, rectification, and erasure; these are described in detail under the Help menu in the General Data Protection Regulation (GDPR) section.

6. Subprocessors

Third Party Subprocessors may only Process Client Data pursuant to a Subprocessor Contract. The Subprocessor Contract shall impose similar data protection-related Processing terms on the Third Party Subprocessor that will be not less protective than those imposed on the DMI Contracting Entity by the Service Agreement and the DMI Privacy Policy for Client Data Processing Services.

DMI shall publish an overview of the categories of Subprocessors involved in the performance of the relevant Client Services and DMI shall provide notice to the Client of any new Subprocessors engaged by DMI for the delivery of the Client Services. The current list of Subprocessors involved in the performance of relevant services can be found here https://www.timeclockplus.com/privacy/subprocessors.aspx. Clients have 30 days from notification date to object to the use of new Subprocessors engaged by DMI.

7. Governance

DMI's privacy program is managed by DMI's Vice President of Operations and the Legal team. DMI has implemented a Data Privacy Committee comprised of the Vice President of Operations, all Privacy Stewards, and the Data Protection Officer, who is in charge of privacy compliance within their respective states, countries, Business Units, or Functional areas.

Privacy Stewards are Executives who have been appointed by DMI senior leaders to implement and enforce compliance with DMI's Privacy Policy within their respective Business Units or Functional areas.

8. Compliance

DMI shall respond promptly and appropriately to requests for assistance from the Client to enable the Client to comply with its obligations, subject to Applicable Law and in accordance with the Service Agreement. During cases where requests from a data subject are distinctly unsubstantiated or excessive, in particular because of their repetitive character, we may either charge a reasonable fee taking into account the administrative costs of providing the information or communication or taking the action requested; or refuse to act on the request altogether (a).

9. Training

All DMI Staff with access to or responsibilities for Processing Personal Data are required to complete annual Data Privacy Training through DMI's Learning Management System.

10. Monitoring and Audit

DMI will address Client audit requests and will answer questions asked by the Client regarding the Processing of Client Data by DMI. If further information is requested, in agreement with Client, DMI will provide the Client with a statement from a third party assessor, indicating DMI's compliance with the DMI Privacy Policy for Client Data Processing. Additionally, DMI will allow its Processing facilities to be audited by any DPA of an EEA Country which is competent to audit a DMI Client.

The Data Protection Officer shall produce an annual report for the DMI Executive Team on compliance with the DMI Privacy Policy for Client Data Processing Services, privacy, data protection risks, and other relevant issues.

11. Complaints Procedure

Client Employees covered by the DMI Privacy Policy for Client Data Processing may file a complaint if they believe that DMI has not handled their Personal Data properly or that it has breached its privacy obligations, under any applicable data protection laws or the DMI Privacy Policy for Client Data Processing. You may file your complaint in writing to the address below, or via email, to DMI at Privacy@TimeClockPlus.com. DMI's Data Protection Officer will receive, investigate, and document each complaint and respond to the Individual within a reasonable timeframe of the outcome of the investigation.

By Email:
Data Protection Officer
DPO@TimeClockPlus.com

By Mail:
Data Management, Inc.
Attn: Data Protection Officer
1 Time Clock Dr.

San Angelo, TX 76904; USA

For more information on how to submit a complaint under the Privacy Shield Frameworks, please refer to the section entitled Data Management, Inc. Privacy Shield Privacy Policy for Data Transferred to the United States from the EU/Switzerland.

12. Contact Us

For more information about DMI's Privacy Policies, including the DMI Privacy Policy for Client Data Processing, please contact the Data Protection Officer at Privacy@TimeClockPlus.com.

VeraSafe has been appointed as Data Management Inc.'s representative in the European Union for data protection matters, pursuant to Article 27 of the General Data Protection Regulation of the European Union. VeraSafe can be contacted in addition to Privacy@timeclockplus.com, only on matters related to the processing of personal data. To make such an inquiry, please contact VeraSafe using this contact form:  https://www.verasafe.com/privacy-services/contact-article-27-representative

Alternatively, VeraSafe can be contacted at:

VeraSafe Ireland Ltd
Unit 3D North Point House
North Point Business Park
New Mallow Road
Cork T23AT2P
Ireland

References:
  1. https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation- gdpr/individual-rights/right-of-access/

 


Data Management, Inc. Privacy Shield Privacy Policy for Data Transferred to the United States from the EU/Switzerland


Data Management, Inc. ("DMI") complies with the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries and Switzerland transferred to the United States pursuant to Privacy Shield.  DMI has certified that it adheres to the Privacy Shield Principles with respect to such data. If there is any conflict between the policies in this privacy policy and data subject rights under the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification page, please visit https://www.privacyshield.gov/. 

With respect to personal data received or transferred pursuant to the Privacy Shield Frameworks, DMI is subject to the regulatory and enforcement powers of the U.S. Federal Trade Commission.

Pursuant to the Privacy Shield Frameworks, EU and Swiss individuals have the right to obtain our confirmation of whether we maintain personal information relating to you in the United States.  Upon request, we will provide you with access to the personal information that we hold about you.  You may also may correct, amend, or delete the personal information we hold about you.  An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data transferred to the United States under Privacy Shield, should direct their query to Privacy@TimeClockPlus.com.  If requested to remove data, we will respond within a reasonable timeframe.

We will provide an individual opt-out choice, or opt-in for sensitive data, before we share your data with third parties other than our agents, or before we use it for a purpose other than which it was originally collected or subsequently authorized.  To request to limit the use and disclosure of your personal information, please submit a written request to Privacy@TimeClockPlus.com.

In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

DMI's accountability for personal data that it receives in the United States under the Privacy Shield and subsequently transfers to a third party is described in the Privacy Shield Principles. In particular, DMI remains responsible and liable under the Privacy Shield Principles if third-party agents that it engages to process the personal data on its behalf do so in a manner inconsistent with the Principles, unless DMI proves that it is not responsible for the event giving rise to the damage.

In compliance with the Privacy Shield Principles, DMI commits to resolve complaints about your privacy and our collection or use of your personal information transferred to the United States pursuant to Privacy Shield. European Union and Swiss individuals with Privacy Shield inquiries or complaints should first contact DMI by email at Privacy@TimeClockPlus.com. DMI's Data Protection Officer will receive, investigate, and document each complaint and respond to the Individual within a reasonable timeframe of the outcome of the investigation.

By Email:
Data Protection Officer
DPO@TimeClockPlus.com

By Mail:
Data Management, Inc.
Attn: Data Protection Officer
1 Time Clock Dr.

San Angelo, TX 76904; USA

DMI has further committed to refer unresolved privacy complaints under the Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD, operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/EU-privacy-shield/for-eu-consumers for more information and to file a complaint. This service is provided free of charge to you.

If your complaint involves human resources data transferred to the United States from the EU and/or Switzerland in the context of the employment relationship, and DMI does not address it satisfactorily, DMI commits to cooperate with the panel established by the EU data protection authorities (DPA Panel) and/or the Swiss Federal Data Protection and Information Commissioner, as applicable, and to comply with the advice given by the DPA panel and/or Commissioner, as applicable with regard to such human resources data. To pursue an unresolved human resources complaint, you should contact the state or national data protection or labor authority in the appropriate jurisdiction. Complaints related to human resources data should not be addressed to the BBB EU PRIVACY SHIELD.

Contact details for the EU data protection authorities can be found at http://ec.europa.eu/justice/data- protection/bodies/authorities/index_en.htm

If your Privacy Shield complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms.  See Privacy Shield Annex 1 at https://www.privacyshield.gov/article?id=ANNEX-I- introduction

Contact Us

For more information about DMI's Privacy Policies, including the DMI Privacy Policy for Client Data Processing, please contact the Data Protection Officer at Privacy@TimeClockPlus.com.



Want to Learn More? Request a Demo Today!Contact a Repblank
TimeClock Plus Homepage