GDPR Compliance
A time tracking software that complies with GDPR
If you have any inquiries specifically related to Beebole and the GDPR, please email us: support(at)beebole.com
Below are links to our policies impacting the protection of your data:
Information We Collect
The General Data Protection Regulation, effective May 25, 2018, establishes a specific protocol for data protection for citizens and residents of the European Union.
At Beebole we’ve always taken the approach of Privacy by Design and, after several months of work, we’ve adapted our time tracking application to the requirements laid out by GDPR, to ensure it is compliant with the regulation.
Below we’ve responded to some of our clients’ most frequently asked questions regarding GDPR compliance. We also share our approach to data protection, for users of our platform as well as visitors to our corporate website.
What is GDPR and how does it affect me?
Many articles have been written describing the details of GDPR. It’s likely that, within your own company, the legal department has already explained what the regulation consists of.
Thanks to this regulation, which protects the privacy of our online data, all residents of the European Union (as users of any tool, website, business, etc.) must give unequivocal consent for companies to use said data. As a company, we must also specify what data we are using, and how we are using it.
If your company is not based in the European Union, but does have users who are EU residents, or some scope of activity in the EU, GDPR also applies.
The Beebole app now has a GDPR module, which appears by default for all companies using Beebole and can be found in your settings screen. In our support documentation, we offer more info about everything the module can do.
With the GDPR module you will be able to assign a data officer, download available data on any employee who requests it, and, if activated in your account settings, delete audit trails after 90 days.
How long is data saved on Beebole?
This depends on the type of data. But don’t worry, all your company’s timesheet and employee data will be saved on the platform for as long as you use the tool.
We run daily database backups, and we have modified the lifecycle of those backups so that the oldest ones are deleted after 30 days. In other words, your data is always saved in daily backups with a retention cycle of 30 days.
On the other hand, we also have internal logs used for error analysis and system optimization. These logs have a retention cycle of 90 days.
I’ve activated the Audit Trail function. Can I still delete this data?
If you have activated the audit trail function for employee timesheets, you can choose in the GDPR module whether or not this data will be deleted after 90 days or saved indefinitely.
Can I assign a data officer to my company’s Beebole account?
Yes. In the GDPR module you can include the email address of the data officer.
Can I download data on a specific user if they request it?
Of course. If any user asks an administrator to provide the data about them stored on Beebole, this information is readily available.
With the GDPR module, account administrators or data officers can download a json/csv file with all the data registered in Beebole for a specific user.
Can I delete all of the data for a specific user? How can I carry out the GDPR’s “Right to be Forgotten” in Beebole?
Yes. You can delete any user and the deletion is immediate. Backups and logs data will be erased within 90 days.
Does Beebole have its own data officer?
Yes, you can contact support(at)beebole.com for any issues or questions related to data processing.
Can I obtain a Data Processing Agreement with Beebole?
Sure, to request the Data Processing Agreement just email support(at)beebole.com
What information do you save about my visits to your corporate website?
This is a great question, because we’ve given a lot of thought to how to adapt our marketing to the new GDPR regulations. Simply put, we’re applying the Privacy by Design approach to marketing as well. Following the advice of web analytics experts like Brian Clifton, we’ve chosen to anonymize IPs in Google Analytics, deactivate the user view function (therefore we cannot link a website visit to a Beebole user), deactivate all demographic functions of Google Analytics, and uninstall all third party scripts related to social media (specifically Facebook, LinkedIn, Twitter, and Outbrain). Even the share buttons on our blog have been made static, so they will not transfer any information to third parties via pixels.
Therefore, while our marketing and communications team are now “navigating” blind, web users can browse completely anonymously. In our updated policies on privacy and cookies we’ve explained this in more detail.
Will there be more changes?
Our GDPR module currently complies with all possible scenarios for data protection claims. However, the EU has announced new changes to the legislation for the end of 2018. We’re paying close attention to any and all announcements, to ensure the app is updated to comply with these regulations and to give peace of mind to our hundreds of clients located or operating in the EU.
We’ll keep you up to date with updates on this page, as well as notifications via chat and email.
Don’t hesitate to contact us with any questions. Just open the chat window inside the app and shoot us a question. As always, we’re happy to help.
Thank you for continuing to trust Beebole.