Privacy Policy for Clockk.com Inc.

Last updated: October 24, 2024

Introduction and Scope

Welcome to Clockk.com Inc. (hereafter Clockk), your trusted partner in accurate AI-powered time tracking. Protecting your personal information is of paramount importance to us. This Privacy Policy outlines the practices and procedures we adhere to in managing and safeguarding the personal information we collect and process.

Our Privacy Policy applies to all users of our services across the world, including visitors to our website, our customers, and their end-users. It is designed to provide transparency into our privacy practices and principles in a format that is readable and navigable.

This policy applies to all data collected by Clockk through our SaaS platform and related services. It details how personal information is collected, used, disclosed, and safeguarded by our company. As a company based in Canada, we comply with the Personal Information Protection and Electronic Documents Act (PIPEDA) and strive to adhere to the best practices prescribed by the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other relevant privacy laws and regulations affecting our international users.

We encourage you to read this policy thoroughly to understand our practices regarding your personal data and how we will treat it. By engaging with our services, you acknowledge you have read and understood this Privacy Policy.

Data Controller and Processor Details

Clockk acts as the data controller for personal data that we collect for our own purposes, such as account information, billing, and support. When using Clockk’s time-tracking services, our customers act as the data controllers for the personal data they track and manage. In these cases, Clockk operates as the data processor, processing data on behalf of and under the instructions of our customers.

Our primary responsibility is to ensure your personal data is treated securely and in accordance with this Privacy Policy and applicable privacy laws.

Contact Details:

Legal Name of Company: Clockk.com Inc.
Registered Address: 401-5880 Spring Garden Rd., Halifax NS, B3H 1Y1 Canada
Operating Address: 401-5880 Spring Garden Rd., Halifax NS, B3H 1Y1 Canada
Contact Email: privacy@clockk.com
Website: clockk.com

For any questions, concerns, or requests regarding the handling of your personal data, or if you wish to exercise any of your rights as described in this policy, please contact us through the above details. We are committed to working with you to obtain a fair resolution of any complaint or concern about privacy.

If you are unsatisfied with the response you receive, you may also have the right to lodge a complaint with a data protection authority. For more detailed information on how to contact your local data protection authority, please see the "Regulatory Authority Contact Information" section of this policy.

Types of Collected Data

At Clockk, we collect both personally identifiable information and non-personally identifiable information to provide and improve our services. The data we collect depends on the context of your interactions with our services, the choices you make, and the products and features you use.

1. Personally Identifiable Information (PII):

  • Account Information: This includes your name, email address, company name, and password that you provide when creating an account on our platform.
  • Payment Information: To complete transactions, we collect transaction-related information, including credit card numbers, billing addresses, and other financial data necessary to process payments. Please note that all payment data is submitted to and stored by our payment processor and not by us directly.
  • Communications: Information you provide when you contact us for help; feedback you provide to us or post on our forums and other interactive features of our platforms.
  • Tracked data: The information collected by the trackers (Desktop app and browser extension) as well as the information gleaned from your email accounts and calendars, if you have configured these options. To understand exactly what is collected by our trackers and stored on our servers, please consult our Privacy Promise.

2. Non-Personally Identifiable Information:

  • Usage Data: Information about how you use our service, including your internet protocol (IP) address, log-in data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access our platform.
  • Analytics Data: We collect data through third-party analytics tools that aggregate data about your activities on our platform, helping us to improve our service and user experience.
  • Cookies and Similar Technologies: We use cookies and similar tracking technologies to track activity on our service and hold certain information, which helps us to personalize our service and remember your preferences.

3. Special Categories of Data:

We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Nor do we collect any information about criminal convictions and offenses. Please note that if you install Clockk’s trackers and you work on documents with this information, the information will become part of your corpus of tracked data, however it will not be part of our profile of you.

By using our services, you agree to the collection and use of information in accordance with this policy. For more detailed information on how we process and secure your personal data, please refer to the sections on "Purposes of Data Processing" and "Methods of Data Protection".

Purposes of Data Processing

At Clockk, we process your personal data to operate effectively and provide you the best experiences with our services. The specific purposes for which we process your data include:

  • Service Delivery: To administer and manage your account, to provide you with the tools and services you have signed up for, and to verify your identity and authority to use our services.
  • Billing and Account Management: We use personal information for billing purposes and to fulfill contractual obligations. This includes calculating charges and managing payments for the services provided, as well as sending you related communications.
  • Service Improvement: To analyze usage trends and preferences in order to improve our tool’s functionality and design. This helps us serve you better and create features that are more beneficial to our user base.
  • Customer Support: To provide customer support, address technical issues, respond to requests for assistance, and manage support tickets. We process data submitted by users to diagnose and resolve technical or service problems.
  • Security Measures: To enhance the security of our services, including to prevent fraudulent use of our tools, unauthorized access to user accounts, and to safeguard the integrity of our platform.
  • Compliance and Enforcement: To comply with legal obligations, respond to governmental inquiries, or as necessary for audit purposes. This may include using data to defend against legal claims.
  • Communication and Marketing: We may use your information to contact you about your account, system updates, or other informational messages, and occasionally send promotional messages that may be of specific interest to you, subject to your consent where required.
  • Analytics and Performance Monitoring: To understand how our service is used and to measure the effectiveness of our advertising, we use analytics and performance monitoring tools.

By processing this data, we aim to provide a seamless, efficient, and lawful service that meets the needs of our users. We process this information through the lens of strict data protection principles, ensuring that the data collected is necessary, relevant, and not excessive for the purposes described.

Legal Basis for Processing

Clockk processes your personal data under the following legal bases:

  • Consent: We process certain data based on the consent you explicitly provide when you sign up for our services, subscribe to our newsletter, or agree to our use of cookies and similar technologies on our website. You have the right to withdraw your consent at any time.
  • Contractual Necessity: We process personal data necessary to enter into or perform our contract with you. This includes using your data to manage your account, provide our services, and fulfill our obligations under our Terms of Service, such as enabling billing and providing user support.
  • Legal Obligations: We process personal data when it is required for compliance with a legal obligation to which we are subject, such as tax laws and other regulatory requirements.
  • Legitimate Interests: We process data based on legitimate interests in a manner that is not overridden by your data protection rights. These legitimate interests include:
    • To understand how our services are used so we can improve them to benefit our users.
    • To market our services to existing customers with relevant offers.
    • To ensure network and information security.
    • To prevent fraud, misuse of our services, and ensure the safety of our IT environments.

Each of these bases for processing is necessary for us to provide our services effectively and ensure our platform remains secure and compliant with the law. If we plan to process personal data for a purpose other than that for which the personal data were collected, we will provide you prior to that further processing with information on that other purpose and with additional information necessary to ensure fair and transparent processing.

Data Recipients

At Clockk, we take your privacy seriously and share your personal data only under specific circumstances with the following categories of recipients:

  • Service Providers: We engage various service providers who assist us in meeting business operations needs, including hosting, data analysis, payment processing, information technology and related infrastructure, customer service, email delivery, and auditing services. These service providers may have access to personal data only as needed to perform their functions and are obligated to maintain the confidentiality and security of the data.
  • Business Partners: We may share your personal data with trusted business partners, such as integration partners and resellers, to provide you with our services. These communications are often necessary for the provision of our service to you and other legitimate purposes outlined in our policy.
  • Legal and Regulatory Authorities: We may be required to disclose personal data in response to lawful requests by public authorities, including meeting national security or law enforcement requirements. This includes complying with legal processes such as court orders, subpoenas, or to protect the rights, property, or safety of Clockk, our customers, or others.
  • Affiliates: Personal data may be shared with our affiliates, meaning other companies owned by or under common ownership as Clockk. This sharing enables us to provide you with information about products and services, both related to and separate from, those offered by Clockk, which might interest you.
  • Business Transfers: In connection with a merger, acquisition, bankruptcy transaction, or other corporate reorganization, your personal data may be transferred to a successor or affiliate as part of that transaction along with other assets.
  • Professional Advisers: We may share your data with professional advisers such as lawyers, auditors, bankers, and insurers, where necessary in the course of the professional services that they render to us.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

International Data Transfers

Clockk is based in Canada, but we operate globally and may transfer, store, and process your personal data in countries other than your own. Given our international operations, it is important to note that these countries may have data protection laws that are different from those of your country of residence.

Safeguarding Measures:

  • Adequacy Decisions: Where we transfer personal data to countries that have been deemed to provide an adequate level of data protection by relevant regulatory bodies, we rely on these decisions to ensure the security of the data.
  • Standard Contractual Clauses: For transfers to countries without adequacy decisions, we use Standard Contractual Clauses approved by the European Commission or other relevant authorities to ensure that personal data transferred remains protected and secure. These clauses impose strict obligations on the recipients of your data regarding their handling and safeguarding.
  • Binding Corporate Rules: In the case of intra-company transfers across borders, we may rely on Binding Corporate Rules that have been approved by relevant data protection authorities to ensure that your data receives an adequate level of protection.
  • Privacy Shield Framework: If transferring data to the United States, we ensure that such transfers are made to entities that comply with the EU-U.S. Privacy Shield Framework, which requires them to provide similar protection to personal data shared between Europe and the US.

We take all reasonable precautions to ensure that your data is treated securely and in accordance with this privacy policy and have implemented appropriate security measures to protect your data in the event of an international transfer.

By using our service, you understand and agree to the transfer of your personal data outside of your country of residence, where data protection laws may be different. If you have any concerns about the transfer of your personal data, please contact us at privacy@clockk.com.

Data Retention Period

At Clockk, we adhere to the principle of data minimization and only retain personal data for as long as necessary to fulfill the purposes for which it was collected and processed, including for the purposes of satisfying any legal, regulatory, tax, accounting, or reporting requirements.

Specific Retention Periods:

  • Account Information: Your personal information and details of your transactions are kept for the duration of your account being active plus a period of up to seven years thereafter to comply with accounting and tax laws.
  • Service Records: Data related to the usage of our services is retained for a period of up to three years from the date of your last interaction with our service, to allow for analysis and improvement of our service offerings.
  • Marketing Information: If you have opted into marketing communications, we retain your contact information until you unsubscribe or opt out of receiving these communications. You can unsubscribe at any time by clicking on the unsubscribe link at the bottom of our marketing emails.

Data Deletion:

Upon expiration of the retention periods, your personal data will be securely deleted or anonymized, so that it can no longer be linked to you. In certain circumstances, we may anonymize your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.

Legal Exceptions:

In some instances, we may be required to retain your data for longer periods as required or permitted by law, particularly in the event of a legal claim or complaint.

We review our retention periods regularly to ensure that we are in compliance with legal and regulatory obligations and industry standards.

By using our services, you acknowledge and agree to these retention practices. If you have questions about our data retention policy or need further details about how long we retain specific pieces of personal data, please contact our Data Protection Officer at privacy@clockk.com.

Rights of Data Subjects

At Clockk, we recognize and uphold the rights of all data subjects under privacy laws applicable to our operations, including the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and the Personal Information Protection and Electronic Documents Act (PIPEDA). As a user of our services, you have the following rights concerning your personal data:

  • Right to Access: You have the right to request access to the personal data we hold about you. This includes the right to know what data is being processed and how it is being used. To exercise your right of access, you can contact us at privacy@clockk.com to request a copy of your personal data. We will provide it in a machine-readable format (e.g., JSON) along with an explanation of how the data is stored and processed. Requests will be fulfilled within one month.
  • Right to Rectification: If you believe that any personal data we hold about you is inaccurate or incomplete, you have the right to request that we correct or complete it.
  • Right to Erasure: Also known as the 'right to be forgotten', this right allows you to request the deletion of your personal data when it is no longer necessary for the purposes for which it was collected, or when you withdraw consent.
  • Right to Restrict Processing: You have the right to request that we restrict the processing of your personal data under certain circumstances, such as if you contest the accuracy of the data or have objected to our use of it.
  • Right to Data Portability: Where the processing is based on your consent or a contract and carried out by automated means, you have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit those data to another controller.
  • Right to Object: You have the right to object to the processing of your personal data based on legitimate interests, including profiling, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms.
  • Right to Withdraw Consent: In cases where we rely on your consent to process your personal data, you have the right to withdraw that consent at any time, though this will not affect the lawfulness of the processing before your consent was withdrawn.
  • Right to Non-Discrimination: You have the right to not be discriminated against for exercising any of your privacy rights under applicable laws, including the CCPA.
  • Automated Decision-Making and Profiling: You have rights related to automated decision-making, including profiling. You have the right to not be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you, unless necessary for entering into, or performance of, a contract between you and us, or based on your explicit consent.

To exercise any of these rights, please contact our Data Protection Officer at privacy@clockk.com. We will respond to your request in accordance with applicable law and within any prescribed time limits. Please note that we may need to verify your identity before processing your request.

Methods of Data Protection

At Clockk, we are committed to protecting the personal data we collect and process. To ensure the security, confidentiality, integrity, and availability of personal data, we employ a range of technical, physical, and administrative measures:

Technical Safeguards:

  • Encryption: All personal data is encrypted during transmission over the Internet using TLS (Transport Layer Security) technology and encrypted at rest when stored on our servers.
  • Access Controls: We implement role-based access controls that ensure only authorized personnel have access to personal data. Authentication mechanisms, such as multi-factor authentication (MFA), are in place to enhance security.
  • Firewalls and Intrusion Detection Systems: Our network is protected by firewalls and monitored using intrusion detection systems to detect and mitigate potential threats.

Physical Safeguards:

  • Secure Facilities: Our data centers are housed in facilities with strict physical access controls, including security personnel, surveillance cameras, and biometric access controls to prevent unauthorized access.
  • Data Center Security: We work with trusted partners whose data centers comply with industry standards such as ISO 27001 and SOC 2 Type II, ensuring that physical and environmental security measures are robust.

Administrative Measures:

  • Data Protection Training: All employees receive regular training on data protection principles, secure data handling practices, and security protocols relevant to their job functions.
  • Policies and Procedures: We maintain internal policies that dictate how personal data should be handled and protected. These policies are reviewed and updated regularly to meet our business needs and changes in regulatory requirements.
  • Regular Audits: To ensure ongoing compliance with our security practices and policies, we conduct regular audits and assessments, which are carried out internally and by third-party experts.

Incident Response and Management:

  • Incident Response Plan: We have an incident response plan in place to quickly address any data breaches or security incidents. This plan includes procedures for containment, investigation, mitigation, and notification to affected individuals and regulatory bodies as required by law.

Data Minimization and Retention:

  • We adhere to the principles of data minimization by collecting only the data necessary for the stated purposes and retaining personal data only for as long as it is needed to fulfill those purposes or as required by law.

By implementing these comprehensive data protection measures, Clockk ensures that your personal data is secure and protected against unauthorized access, disclosure, alteration, and destruction. Our commitment to data security is fundamental to our business ethics and legal obligations.

Use of Cookies and Tracking Technologies

Clockk uses cookies and similar tracking technologies to track the activity on our service and maintain certain information. Cookies are files with a small amount of data which may include an anonymous unique identifier. They are sent to your browser from a website and stored on your device. Other tracking technologies are also used such as beacons, tags, and scripts to collect and track information and to improve and analyze our service.

You can read more about Clockk’s use of cookies and other tracking technologies at our cookie policy.

Automated Decision-Making and Profiling

At Clockk, we use technology responsibly. Our service includes elements of automated decision-making and profiling which help us to tailor our services effectively and enhance user experience. Below is how these processes are implemented and how they affect you:

Automated Decision-Making:

  • Account Suspension: Clockk may use automated decision-making processes to identify accounts that engage in fraudulent activity or violate our terms of service. If such activity is detected, accounts may be suspended automatically, pending review by a human operator.
  • Service Personalization: We may use automated algorithms to analyze your activity on our platform to personalize and improve the services we offer you, such as suggesting projects or tasks you might like to track based on your past activities.

Profiling:

  • User Segmentation: We analyze user activity and preferences to create segmented profiles, which help us in delivering targeted and relevant content, offers, and advertisements.
  • Usage Analytics: Profiling allows us to understand how different categories of users interact with our service, which informs our product development and marketing strategies.

Rights and Controls:

  • Right to Object: You have the right to object to profiling and automated decision-making that significantly affects you. You can exercise this right by contacting us at privacy@clockk.com.
  • Human Intervention: Where decisions are made solely by automated means and have a significant effect on you, you have the right to request human intervention, express your point of view, and contest the decision.
  • Transparency: We commit to being transparent about the criteria and algorithms used in our automated decision-making and profiling processes. Should you have any questions regarding the specifics of these technologies, please contact our support team.

Clockk ensures that all automated decision-making and profiling practices are in compliance with applicable laws, providing safeguards to protect your rights and freedoms. We continuously review our processes to ensure fairness and accuracy.

Contact Information

Should you have any questions, concerns, or comments about our Privacy Policy or the handling of your personal data, we welcome you to contact us. Our team is available to address any issues or provide the assistance you may need regarding your privacy rights.

Contact Details of Clockk:

  • Email: privacy@clockk.com
  • Mailing Address: 401-5880 Spring Garden Rd., Halifax NS B3H 1N5 CanaY1

Data Protection Officer:

For specific inquiries regarding the processing of your personal data, or to exercise your data protection rights, please contact our Data Protection Officer (DPO) at:

Email: privacy@clockk.com (in the subject, please specify "DPO")
Mailing Address: 401-5880 Spring Garden Rd., Halifax NS B3H 1N5 CanaY1

We are committed to working with you to obtain a fair resolution of any complaint or concern about privacy. If, however, you believe that we have not been able to assist with your complaint or concern, you have the right to make a complaint to the data protection authority of your country of residence.

We encourage you to reach out to us first, so we may address your concerns directly and promptly.

Changes to the Privacy Policy

Clockk reserves the right to update or modify this Privacy Policy at any time and from time to time without prior notice. Please review this policy periodically, and especially before you provide any personal data. This Privacy Policy was last updated on the date indicated above, and any changes will be effective immediately upon the posting of the revised privacy policy on our website.

If we make material changes to this Privacy Policy, we will notify you either through the email address you have provided us, by placing a prominent notice on our website, or through other appropriate communication channels. We encourage you to review the updated policy to be informed of how Clockk is protecting your information.

By continuing to use our service after these changes are made, you agree to the revised policy.

Regulatory Authority Contact Information

At Clockk, we commit to resolving any complaints about our collection or use of your personal data. If you believe that we have not adequately addressed your concerns, you have the right to file a complaint with the appropriate data protection authority in your country. Below is the contact information for data protection authorities in several jurisdictions where our users may reside:

Canada (Office of the Privacy Commissioner of Canada):

  • Website: https://www.priv.gc.ca
  • Phone: 1-800-282-1376
  • Address: 30 Victoria Street, Gatineau, Quebec, K1A 1H3, Canada

European Union (European Data Protection Supervisor):

  • Website: https://edps.europa.eu
  • Phone: +32 2 283 19 00
  • Address: Rue Wiertz 60, B-1047 Brussels, Belgium

United States (Federal Trade Commission):

  • Website: https://www.ftc.gov
  • Phone: +1 202-326-2222
  • Address: 600 Pennsylvania Avenue, NW, Washington, DC 20580, USA

United Kingdom (Information Commissioner's Office):

  • Website: https://ico.org.uk
  • Phone: +44 0303 123 1113
  • Address: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, UK

For users residing in other countries, please contact your local data protection authority for more information on the processes for lodging a complaint.

We encourage you to contact us first (privacy@clockk.com) with any concerns or questions, as we are eager to address and resolve any issues directly.

Limited Use requirement

Clockk’s use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Additional Limits on Use of Your Google User Data: Notwithstanding anything else in this Privacy Policy, if you provide Clockk access to the following types of your Google data, Clockk’s use of that data will be subject to these additional restrictions:

Clockk, specifically the Clockk Desktop app (tracker) you install on your computer, if you connect it to Google services, will read only Gmail message headers (specifically from, to, cc, and subject) and Google Calendar data (specifically event name, date, time, duration, attendees, location and description). The Clockk Desktop app (tracker) will transfer those data to the Clockk API for processing. Processing includes developing, improving or training a personalized AI/ML model, useful for automatically assigning your work to billable projects. Clockk will not use Gmail, Google Calendar, nor any other tracked data to develop, improve, or train generalized AI or ML models. None of your tracked data, from Gmail, Google Calendar or otherwise, will be transferred to third-party AI tools. The Clockk Desktop app and Clockk API will not transfer this Gmail data to others unless doing so is necessary to provide and improve these features, comply with applicable law, or as part of a merger, acquisition, or sale of assets.

Clockk will not use this Gmail or Google Calendar data for serving advertisements.

Clockk will not allow humans to read this data unless we have your affirmative agreement for a specific day’s content (which may include GMail message headers), doing so is necessary for security purposes such as investigating abuse, to comply with applicable law, or for Clockk’s internal operations and even then only when the data have been aggregated and anonymized.