How we handle the Personal Data Regulation (GDPR)
TIMEmSYSTEM works on the basis of an IT security policy, which is the overall framework for IT security for the company, its employees and suppliers. That is why TIMEmSYSTEM has developed internal processes and procedures that enable us to achieve a level of security that complies with ISO27001.
In this way, TIMEmSYSTEM wishes to demonstrate its professional management of the IT area, which is the foundation of daily work, in order to be perceived as a stable and credible partner.
Our handling of your data is simply to access and view it in connection with updates and support. Your data is typically with the hosting provider or other affiliates responsible for your data. We are in dialogue with these and are collaborating on new updated data processing agreements.
All TIMEmSYSTEM employees take great responsibility for protecting data, software and hardware from abuse, tampering, destruction and loss, as well as from being flawed. Protection must thus work against all kinds of threats, internal or external - accidental or deliberate.
We point out that it is your responsibility to inform your employees that if an employee or HR administrator wants to make use of the new GDPR requirements, this must go through the current or previous employer and be justified, as TIMEmSYSTEM does not accept inquiries from individuals. TIMEmSYSTEM only deals with companies with a CVR or EAN no.
The right to gain access to their personal data (right of access)
The right to have their personal data deleted (the right to be forgotten)
As a customer, you can always ask questions or get advice and sparring regarding your product(s). Please write to email@example.com.
In dealing with GDPR for the Customer Center, we have decided that all cases that have been closed for more than 6 months will be deleted. After that, it is not possible to find them again. The reason for the 6 month retention period is because you as a customer will be able to seek and possibly reopen the case if it proves necessary.
For inquiries regarding customer center contact Peter Scheffman at firstname.lastname@example.org.
Below you can read more about how our products comply with the rules of the new legislation.
Until we have a solution ready where you as a customer can perform and set up the desired GDPR actions yourself, we will of course carry them out for you. See below how you can order and specify the condition for delivery after May 25, 2018.
Specific exceptions when deleting data
There have been challenges when an employee has registered on EU projects where their data does not necessarily have to be deleted after 5 years. This data must be excluded by deletion. Until a solution is clear where you can perform this action yourself, we can of course do it for you.
The process for this will be the following:
We send a data extract to the employee and send it for approval by the Administrator.
Following the Administrator's written acceptance per email, we will delete that data.
If extracting and processing data exceeds 5 users, it will be considered a Change Request.
Deleting personal data
TIMEmSYSTEM can offer to delete selected users and all data related to it. We have the option of preserving specified registrations (eg registrations on EU projects).
Contact Peter Scheffman at email@example.com.
We carry out the tasks in the order in which we receive the orders, which can therefore be waiting time during the busiest periods. We endeavor to complete the tasks within 2 working days after receiving the list of employees.
The production environment is copied to the test environment. Then the deletion is tested in the test database, which the customer must approve. After written approval, the same deletion is performed in the production environment database. The backup of the production environment is deleted at the same time as data is deleted in the production database.
NOTE: It is not possible to restore data after deleting the production backup.
We have developed a function that logs the user's activities in mTIME. To get this log, mTIME needs to be updated and the functionality set up on your mTIME server. After that, a file will be added to your predefined destination.
We carry out the tasks in the order in which we receive the orders. Waiting may therefore occur during the busiest periods. We endeavor to set up the event log immediately after we receive a written order.
Event logs require a lot of space on your mTIME server to work. About 40GB logs are expected to be generated in one year per mTIME installation.
It's your responsibility to contact your hosting provider and verify that there is space on the event log server.
The right to be informed and gain insight
TIMEmSYSTEM offers to export data on selected users.
We perform the tasks in the order we receive the orders. Waiting may therefore occur during the busiest periods. We endeavor to complete the tasks within 2 working days after receiving the list of employees.
An individual agreement is made on the transfer of the exported data file.
Information for all mTIME users
We recommend informing your users that no sensitive information should be entered in all comment fields in mTIME. Anything written in the comment fields of mTIME and its associated modules will be visible to the user's human resources manager, administrators, and others with rights to view the user's data.
Our mTIME and mTS managers are ready to hear from you when or if you need help.
At the beginning of June 2018, it has been possible to access two new reports in mTS.
One report can generate all information about each user in the institution's mTS system. The information can be sent to people who wish.
The second report can delete all information about employees who resigned more than 5 years ago. To avoid errors, there will be a delay in deletion.
If you would like help with this, please create a case in our customer center.
TimeEdit meets the requirements of the Personal Data Regulation (GDPR). In this connection, TimeEdit has updated the system to include it is possible to mark whether users and objects contain personally sensitive data in order to retrieve and delete this data if necessary.
Our TimeEdit consultants are ready to help review and customize your setup to be GDPR compliant. Just contact us when or if you need help. The extent of the work depends on how clear and prepared you are with regard to which parts of your set-up and object management must be marked in order to comply with the provisions of the GDPR.
The system anonymizes or deletes data after a set date of your choice.
An upcoming feature allows administrators to mark data (fields) as person-sensitive.
It is also possible to delete or anonymize data for individuals, as well as store individuals' data in XML format.
Contact Niels Jørgensen at if you have any questions.