Valid from: 23.09.2019
Hours OÜ, Estonian registry code 16434060, (hereinafter “Hours”) owns and operates software for the recording of working time (“Software”), which can be used on www.hours.ee and www.hours.fi or on a smart device digital application (Hours – Time tracking).
Information to be collected
1. Hours collects and processes the following user data (“Personal data”):
- electronic identification data (IP addresses, cookies)
- identification data (name)
- correspondence between User and Hours
- contact details (phone, e-mail)
Application Data. If you use our application(s), we also may collect the following information if you choose to provide us with access or permission:
- Geolocation Information. We may request access or permission to track location-based information from your mobile device, either continuously or while you are using our mobile application(s), to provide certain location-based services. If you wish to change our access or permissions, you may do so in your device’s settings.
- Push Notifications. We may request to send you push notifications regarding your account or certain features of the application(s). If you wish to opt out from receiving these types of communications, you may turn them off in your device’s settings.
This information is primarily needed to maintain the security and operation of our application(s), for troubleshooting, and for our internal analytics and reporting purposes.
2. Hours does not collect data about Employees, working hours or other content regarding employment contracts entered between Employees and Users.
3. Hours will maintain the confidentiality of Employee Data entered through the Software. Hours sees and collects Users registration data only (company name, email). Hours does not have any access to an Employees data (personal data, content of employment contracts, hours worked, salary, etc.), and thus does not collect, store or process any information entered by the User in respect of the Employee. Employees information is stored on DigitalOcean server, with the following privacy settings: https://www.digitalocean.com/legal/privacy-policy notice.
Entering personal information into Hours software
4. Disclosure of personal information to Hours is voluntary but may not be strictly necessary for the use of the Software. Therefore, if the User chooses not to disclose personal Information to Hours, the service cannot be provided.
5. Hours is not aware of any personal data stored, collected and uploaded by the User in the Software, Hours has no direct access to such personal data, unless the User has given Hours permission to do so or it is strictly necessary, in particular, for the User in using the Software.
6. The User has the right to change, add, correct and delete his / her personal data and personal data at any time, without having to notify Hours of any changes.
Controller and processor
7. The Software User is the controller of the personal data; Hours is the authorized controller.
8. Hours does not own, control or manage the use of the personal data stored or processed by you in the use of the Software. Only the User has access to the personal data of the Employees stored by him / her.
9. Since Hours does not collect or determine the use of personal data by Users, nor does Hours determine the purposes, methods or use of the collection of Personal data, Hours does not act as a controller within the meaning of the EU General Data Protection Regulation (EU 2016/679, hereinafter GDPR) and Hours does not have any controller responsibilities under the GDPR.
10. Hours will only qualify as an authorized controller with respect to the personal data containing information, subject to the respective requirements set forth in the GDPR for the authorized controller. Hours will not allow the User to transfer or otherwise make available to third parties any user data that contains personal data unless expressly authorized by the User.
11. Hours processes the personal data referred to in Section 1 of the software users in order to provide the service to the User or to secure the provision of the service and / or according to the User’s consent. The User has the right to withdraw the consent for the processing of personal data at any time. Withdrawal of the consent shall not affect the lawfulness of the processing carried out based on the prior consent.
12. Pursuant to the GDPR, the User is the controller of the personal data with respect to any customer data containing the personal data, which means that the User controls the manner in which the personal data is collected and used, the purposes for which it is processed and how it is determined.
13. Hours is not responsible for the content or any other information uploaded by the User and stored on DigitalOcean servers at the User’s sole discretion.
14. Hours is not responsible in cases the User collects, processes, publishes or disseminates the personal data of himself or of the Employees.
Transmission of data
15. Hours does not transfer personal data of Users to third parties without the User’s explicit request or explicit consent, the system automatically stores employee’s data on DicitalOcean servers, Hours team does not have an access to the employees data and its content.
17. Hours may, with the User’s consent, only transmit the following information about Users without the User’s consent:
- publicly available information about the User;
- information not identifying the person;
- information required by law and law enforcement agencies;
Publication of data
18. Hours has the right to disclose personal or other information that is in good faith relevant or necessary to
- take precautionary measures against liability;
- protect yourself or others from fraud, malicious or unlawful use or activity;
- investigate and defend against any third-party claims or submissions;
- protect the security and integrity of the software;
- protect his property or other benefits, enforce contracts;
- protect the rights, property or safety of others.
19. Hours will retain only the User data referred to in Clause 1 until the termination of the customer relationship or until the User´s account is active or for a limited period as required by
- the contents of closed accounts are deleted within 3 months of closure;
- invoice information is kept for 7 years in accordance with Estonian accounting requirements;
- legal action information between the User and Hours will be retained for 10 years in accordance with the general statute of limitations established by Estonian civil law.
20. In order to terminate the customer relationship and delete the collected data, the user must submit a corresponding application to Hours at email@example.com.
Deletion of data at the request of the User
21. The User has the right to request the deletion of any personal data collected about himself / herself (the personal data mentioned in Clause 1) from the Hours software and system.
22. A written request to delete or block data must be made to firstname.lastname@example.org.
23. The User has the right to request only the deletion of his / her Personal data. Hours may not erase any User’s data at the request of a third party and without the same user’s request and consent.
24. If Hours has any doubts about the right of the request or the maliciousness of the request, the identity of the applicant or the right of representation, Hours has the right to require the User to further identify himself, for example by digitally signing the request or in the case of foreigners, Hours has the right to ask the applicant to get his/her signature notarized according to the foreign laws. The original notarized document should be sent to Hours by registered post.
26. Hours will post all changes on its website and will not notify all Users individually about the changes.
27. If you have any questions, please contact Hours OÜ:
Phone: +378 401826272