Last Updated: September 1, 2022

FlexyTime and Privacy

FlexyTime respects the privacy of its users and is fully committed to protecting their personal data.

This Privacy Policy applies to all FlexyTime users, and clients and to all FlexyTime platforms and services, including our apps, websites, features, and other services. This privacy policy explains how FlexyTime (“FlexyTime”“we”“us”“our”) and our affiliates process information about individuals, including personal data, in relation to the use of the FlexyTime.com website and the real-time time tracking service that analyzes productivity (“Service”). Below you may find detailed information about what type of information we collect about individuals and why, what we do with it, and how we handle such information.

By accessing or using this website or any of our Services, you agree to the terms set out in this Privacy Policy, Cookie Policy, Terms of Service, and other terms, and policies posted on our website. If you do not agree to this Privacy Policy, you must leave this website and discontinue all use of any of our Services.

1. Introduction

1.1 This Privacy Policy governs the processing of Personal Data of independent individual users (the “User” or “you”) of the FlexyTime Service, visitors of the FlexyTime website (“you”) as well as the processing of Personal Data by FlexyTime on behalf of companies, organizations, institutions, groups of people, etc., that track time of their employees or other individuals within their FlexyTime account group (“Client”) within the Service.

1.2 FlexyTime shall process Personal Data in accordance with applicable data protection laws and in respect of Data Subjects within the European Economic Area (“EEA”) FlexyTime shall comply with requirements of European Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regards to the processing of personal data and the free movement of such data, and repealing Directive 95/46/EC (“GDPR”).

1.3 In this Privacy Policy, the term “FlexyTime” refers to Eclone Yapay Zeka A.S., a company registered in the Republic of Turkey, registration number: 84695-5, address: Suadiye Mah. Bagdat Cad. Ark 399 Apt. No:399/1/1 Erenkoy – Kadıkoy – Istanbul, Turkiye.

1.4 The terms “Personal Data”, “Data Subject”, “Processing”, “Controller”, “Processor” and “Supervisory Authority” as used in this Privacy Policy shall have the same meanings as given in the GDPR.

1.5 FlexyTime acts as a Data Controller and sets the purpose and means for processing the following data:

1.6 When FlexyTime processes Personal Data that have been transferred to FlexyTime by the Clients, FlexyTime acts as the Data Processor.

2. Processing data on behalf of clients by FlexyTime as a data processor

2.1 This section concerns FlexyTime Clients that transfer Personal Data of end-users of the Service, such as personal data of Client’s employees, to FlexyTime. In respect of such data, the Client sets the purpose and means of processing Personal Data, therefore the Client is the Data Controller.

2.2 FlexyTime processes end-users’ Personal Data on behalf of the Client, and FlexyTime only accesses the data to render the Service, therefore FlexyTime is the Data Processor.

2.3 If you as a Data Subject are the end-user of FlexyTime Service and your profile was created by your employer, the privacy policy of the Client (e.g., your employer or other organization that created your account), on whose behalf we process the data, will apply. This means that any inquiry, request, objection, or complaint that you as a Data Subject may have in connection with the processing of Personal Data that forms part of your FlexyTime account should be addressed to and resolved by the Client as the Data Controller.

Details of processing

2.4 When the Client creates accounts for end-users in its group the Client transfers the Personal Data of such end-users to FlexyTime. In that way, the Client instructs FlexyTime to process Personal Data to provide Service to the Client pursuant to the agreement concluded between the Client and FlexyTime.

2.5 For the avoidance of doubt, this Privacy Policy contains complete and final instructions of the Client to FlexyTime in relation to the processing of Personal Data of end-users, and this Privacy Policy constitutes a binding data processing agreement.

2.6 FlexyTime will always process all Personal Data on behalf of the Client following the Client’s instructions and in compliance with the applicable data protection laws and regulations including requirements of GDPR where applicable.

Type of personal data and categories of data subjects

2.7 Categories of data subjects whose Personal Data will be processed on behalf of the Client include the Client’s employees, representatives, and other end-users that will be registered under the Client’s group account. The information about these individuals that may contain Personal Data is indicated in section Paragraph 4.

2.8 Client represents that it has acquired all necessary consents and/or relies on other appropriate legal basis for the processing of Personal Data of end-users. Client confirms that end-users have been informed about the fact that their Personal Data is transferred to FlexyTime as a Processor and other third parties used by FlexyTime for the provision of Service.

Duration of the processing

2.9 FlexyTime will process the aforementioned data for as long as FlexyTime provides the Service to the Client and the Client has an active FlexyTime account.

2.10 When an end-user’s account is deleted by the Client, FlexyTime will process data of deleted accounts in the Client’s group for the statistical and analytical interests of the Client. However, such data can be deleted at any time upon Client’s request.

2.11 After terminating the contractual relationship between FlexyTime and the Client, we may continue to store some Personal Data, but limited to the minimum amount required, as might be necessary for us to comply with legal obligations, to ensure reliable backup systems, to resolve disputes between the Client and FlexyTime, if any, to prevent fraud and abuse, to enforce FlexyTime agreements, and/or to pursue legitimate interests of FlexyTime or third parties.

Sub-processors

2.12 The Client consents that FlexyTime, to provide Service to the Clients, uses sub-processors that provide FlexyTime the services indicated in Paragraph 7. FlexyTime ensures that it only uses sub-processors that comply with the same data protection obligations as set out in this Privacy Policy, in particular, provides sufficient guarantees and has implemented appropriate technical and organizational measures, and otherwise complies with the requirements of GDPR where applicable. If such a sub-processor fails to fulfill its data protection obligations, FlexyTime shall not be liable to the Client.

Assistance to the controller

2.13 Taking into account the nature of the processing, FlexyTime as a Data Processor will assist the Client with the provision of technical or organizational measures, insofar as possible, for the fulfillment of the Client’s obligations as a Data Controller in relation to:

Return and deletion of data

2.14 Unless otherwise required by applicable law, FlexyTime has no obligation to store the Client’s data after termination of the agreement with the Client and deletion of the Client’s account and all accounts associated with it.

2.15 At the choice of the Client, FlexyTime will delete or return all the Personal Data to the Client after the end of the provision of Service relating to processing and shall delete existing copies, unless applicable law requires FlexyTime to store such Personal Data.

3. Purposes and grounds for processing

3.1 FlexyTime as a Controller shall process your Personal Data to provide you with the Service, to improve our Service, to solve any Service-related issues you may have, and to ensure that you receive the best customer experience possible.

3.2 FlexyTime collects and processes your Personal Data including, but not limited to the following purposes:

We’ll ask for your consent before using your information for a purpose that isn’t covered in this Privacy Policy.

3.3 FlexyTime only collects and processes your Personal Data where we have lawful basis. Legal grounds for the processing of your Personal Data vary depending on the specific group of data and the purposes for processing it. Note that we may be processing the same Personal Data for several purposes simultaneously and, respectively, on more than one legal ground.

Contract: Most of the time the legal basis for processing your Personal Data is the contractual relationship between you as the User of Service and FlexyTime since we need certain information to conclude the contract and to fulfill our obligations arising out of this contract.

Legal obligation: In some cases, FlexyTime processes Personal Data on basis of legal obligations imposed on us by applicable law, such as financial and tax reporting obligations or if we have to respond to legal processes.

Legitimate interests: Processing of your Personal Data is necessary for pursuing legitimate interests of FlexyTime or for the legitimate interests of third parties, always provided that such processing shall not outweigh your rights and freedoms. For example, we may process your data for marketing purposes based on our legitimate interest in growing and improving our business. Other legitimate interests include maintaining the Service to meet the needs of our Users and Clients, advertising to make our Service freely available for users, detecting and preventing fraud, abuse, security, and technical issues with the Service, fulfilling obligations to our partners, enforcing legal claims, etc.

Consent: Some Personal Data we process based on your consent. This is the information that we do not need for the performance of the contract, but you voluntarily may provide us with such information. By taking such clear affirmative action as uploading your photo to your FlexyTime account, entering notes, entering your e-mail address in the blog subscription field, and clicking “subscribe” you signify your consent to the processing of your respective Personal Data. By using the absence calendar and adding “away time” you take affirmative action and manifestly make this information available in your FlexyTime account. Note that you have the right at any time to delete this information and withdraw your consent.

4. Information we collect from FlexyTime users

4.1 FlexyTime collects, generates and receives information in a variety of ways when you use the Service. Some of this information constitutes Personal Data.

Information you provide upon creating your account

4.2 As a User of FlexyTime Services you provide us with information containing your Personal Data. Upon registration and creating your profile you provide us with the following information:

4.3 Please note that some options within the Service allow our Users to voluntarily disclose their Personal Data such as your photo, or any data that you enter into notes, as well as some special category data, e.g., data concerning health when using the absence calendar function. FlexyTime does not oblige Users to submit such data since it is not essential for the provision of the Service, and Users can use the Service without providing us with the aforementioned data.

Third-party integrations

4.4 You can choose to integrate third-party services in relation to certain aspects of FlexyTime Service. A third-party service is software that integrates with the Service, and you can enable or disable such integration for your FlexyTime account.

4.5 Once enabled, the relevant third-party service provider may share certain information with us. For example, if you choose to use a third-party service (such as Google, Facebook, Twitter, or LinkedIn) to sign up for the Service, then the provider of such a service may send us your name, user ID, and email address. Or if some other third-party application (e.g., project management service, Google or Outlook calendar) is enabled to permit data to be imported into Service, we may receive such information as you have elected to let the application make available to us. You should check the privacy settings of these third-party services to understand what data may be disclosed to us.

Information you provide by configuring your account

4.6 Upon configuring settings of your FlexyTime account, including performance tracking preferences, you provide us with the following information, which in connection with other information may contain Personal Data:

Location, time zone, start and end time of your workday, work duration, start and stop time of work tracking, working days, tracking days, hourly rate, offline time input options, private time input options, application names to be collected, options to hide owners, absence calendar, information about colleagues, option to use calculation tool of project costs.

Information generated when using the Service

4.7 Some of the information processed by FlexyTime is created by you using the Service, and this information may also contain Personal Data. FlexyTime records the following information when you use the Service:

IP address where you logged in, browser type and browser software version, names of applications used, names of tasks to be worked on, websites visited, FlexyTime client version, the path to the application, start and end time of use, and time spent on breaks. FlexyTime may record the number of keystrokes or mouse movements, but we do not record what you type or where you click.  It is not a keystroke-logging application.

4.8 When you are just the end-user and not the Client of the Service, the above-mentioned information is provided to FlexyTime by the Client (e.g., your employer).

5. Information we collect from FlexyTime website visitors

5.1 Upon visiting our website we may collect and process the following information that may contain your Personal Data:

Learn more about how we use cookies on our website by reading our Cookie Policy.

5.2 When you subscribe to the FlexyTime blog, leave comments on blog entries or submit a question to us, you are providing FlexyTime with the following information that contains your Personal Data:

5.3 When you subscribe to our blog or newsletter, we will process your e-mail address to send you informative materials, such as newsletters, advertisements, and others. At any point in time, you can unsubscribe from receiving the above-mentioned information in your e-mail footers.

6. Retention period

6.1 FlexyTime retains the Personal Data of User account for as long as you maintain your FlexyTime account or as otherwise necessary for FlexyTime to provide you the Service.

6.2 Data created by you when using the Service (paragraph 4.7) is kept by FlexyTime for 13 months. After 13 months only general information like “arrival time”, “left time”, “FlexyTime time”, and “time at work” are kept for statistical purposes.

6.3 After you as a User terminate your relationship with us by deleting your FlexyTime account or otherwise terminating the contract for FlexyTime Service, we may continue to store certain information as reasonably necessary to comply with our legal obligations, to resolve disputes, if any, to prevent fraud and abuse, to enforce our agreement, and/or to protect our legitimate interests.

7. Sharing your personal data with third parties

7.1 For FlexyTime to be able to provide you with our Service, we work with third parties that provide us with different services we need in the ordinary course of our business. Therefore, we share your Personal Data with such third-party service providers. They process your personal data on behalf of FlexyTime.

7.2 The categories of recipients of your Personal Data include hosting and server co-location service providers, communication and content delivery networks, data and cyber security service providers, billing and payment processing service providers, fraud detection and prevention service providers, web analytics, email distribution and monitoring service providers, session recording service, marketing service providers, legal and financial advisors, among others (“Third-Party Service Providers”).

7.3 Third-Party Service Providers only receive a strict minimum amount of Personal Data as necessary for them to provide us with the requested service. FlexyTime shares Personal Data only with such Third-Party Service Providers that can demonstrate that they have implemented appropriate measures to ensure that Personal Data is processed in compliance with GDPR and other applicable laws and regulations.

7.4 In certain situations we might have legal obligations to share your information with third parties. Such a situation may arise when sharing your Personal Data with a third party is required by law or when information is requested by public authorities.

7.5 FlexyTime may share your Personal Data with FlexyTime parent company, subsidiaries, affiliates, distributors, and resellers for the provision of Services and other purposes as described in this Privacy Policy. FlexyTime may also share your Personal Data if FlexyTime sells, buys, merges, acquires, or partners with other companies or businesses, or if FlexyTime is under reorganization, liquidation, or bankruptcy.

7.6 Personal Data processed by FlexyTime may be transferred to recipients outside of EEA. If FlexyTime transfers Personal Data outside of EEA, FlexyTime will only send Personal Data to such recipients that have taken adequate data processing and protection requirements and that can ensure an adequate level of protection or have provided adequate guarantees.

8. Data subject’s rights

8.1 Individuals located in certain countries, including the European Economic Area, have certain statutory rights in relation to their Personal Data. Subject to any exemptions provided by law, you may have the right to request access to your Personal Data to seek to update, delete or correct this data, to restrict or object to the processing of your data, as well as the right to portability of your Personal Data.

8.2 You can use these rights by logging into your FlexyTime account or by getting in touch with FlexyTime using the contact information provided below in Paragraph 11.

8.3 Furthermore, if you believe that FlexyTime has unlawfully processed your Personal Data, you have the right to submit a complaint to FlexyTime by using the contact information provided below, or you may submit a complaint to a respective data protection supervisory authority in your country.

8.4 If you are an individual whose Personal Data has been provided to FlexyTime by the Client (e.g., an employee of the Client), please contact the Client to exercise your rights as a Data Subject stated above.

8.5 In case FlexyTime receives a complaint or request from an individual, whose Personal Data has been provided to FlexyTime by the Client, exercising his/her rights as a Data Subject, FlexyTime will not respond to such complaint or request without prior written authorization by the Client.

9. Personal data security

9.1 FlexyTime uses reasonable organizational, technical, and administrative measures to protect the confidentiality, integrity, and availability of Personal Data. We encourage Users, Clients, and their end-users to take care of their own Personal Data as well as Personal Data in their possession and set strong passwords for FlexyTime account, limit access to computer and browser by signing out after the end of the session, and as possible avoid providing FlexyTime with any sensitive information, disclosure of which could cause substantial harm to Data Subject.

9.2 All of FlexyTime’s authorized personnel involved in the processing of Personal Data provided to us have committed themselves to confidentiality obligations and shall not access or otherwise process Personal Data without authorization and if it’s not necessary for the purposes such data was obtained in the first place.

9.3 In the event a Personal Data breach occurs, we will notify you in compliance with the obligations set out in applicable laws and will provide reasonable assistance regarding the investigation of Personal Data breaches and the notification to the supervisory authorities and data subjects regarding such personal data breaches.

10. Privacy policy changes

10.1 FlexyTime may occasionally amend this Privacy Policy for example in cases when we introduce new services or new features. The amendments to this Privacy Policy enter into force and are applied from the moment they have been uploaded to this page.

10.2 Therefore, we encourage you to check this page from time to time. By continuing to use our Services or otherwise providing Personal Data to us, after the amendments to this policy have been implemented, you agree to the updated terms of the Privacy Policy.

11. Contact information

In case you have any questions about this Privacy Policy, or our data processing practices, or if you would like to exercise any of your rights as a Data Subject regarding your Personal Data, please contact us by email at hello@flexytime.com, or by using the contact details below:

Eclone Yapay Zeka A.S – FlexyTime

Attn: Data Protection Officer
Address: Suadiye Mah. Bagdat Cad. Ark 399 Apt. No:399/1/1 Erenkoy – Kadıkoy – Istanbul, Turkiye

Effective as of September 1, 2022.