Version 1.0 Last updated 29th Aug 2020.
Our Privacy Notice explains how we apply data protection and privacy principles to the personal data that we process. Introduction
Visit Time processes two broad categories of Personal Data:
We may change this Privacy Notice from time to time. If we make changes, we’ll revise the updated date at the top of this notice, and we may provide additional notice such as on the Visit Time website homepage, account sign-in page, or via the email address we have on file for you. We will comply with applicable data protection laws with respect to any changes we make to this notice and seek your consent to any material changes if this is required by applicable law.
We hope we can resolve any disputes relating to our privacy practices between us. You can raise your concern or dispute by emailing our Data Protection Officer at firstname.lastname@example.org.
We collect and process Customer Data in various ways and for a variety of purposes.
We use Google reCAPTCHA for the purpose of verifying administrative users of Visit Time services. The reCAPTCHA is a service provided by Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA.
The reCAPTCHA is used to check whether data entered in the Visit Time services by administrative users has been entered by a human or by an automated program.
To do this, reCAPTCHA analyses the behavior of an administrative user based on various characteristics. This analysis starts automatically as soon as an administrative user enters the Visit Time services. For the analysis, reCAPTCHA evaluates various information (e.g. IP address, how long the user has been on the website, or mouse movements made by the user). The data collected during the analysis will be forwarded to Google. The reCAPTCHA analyses takes place completely in the background. Users are not advised that such an analysis is taking place.
Data processing is based on Art. 6 (1) (f) of the GDPR. Visit Time has a legitimate interest in protecting its site from abusive automated crawling and spam. We consider this to be proportionate and will not be prejudicial or detrimental to data subjects.
In addition to the uses and purposes outlined above we use all of the information we collect when you sign up for a Visit Time account and interact with our services to detect, prevent, or investigate security incidents, fraud, or abuse and misuse of our platform and services.
Visit Time processes personal data that you or your end users enter into our services through your use of our products. This personal data is process by us as a processor, in order to perform the services that we provide you with pursuant to the Master Services Agreement, the Data Protection Addendum, our Acceptable Use Policy, any applicable Order Forms, and as further instructed by you in the use of our services.
We have no direct control or ownership of the Application Data that we process.
Customers may submit Application Data to our services in accordance with our Acceptable Use Policy, the extent of which is determined and controlled by our customers in their sole discretion, and which may include, but is not limited to the following categories of personal data:
In addition to the data set out above we also record technical information including IP Addresses in order to ensure the smooth running and security of our services.
You have certain rights in relation to your personal data that we process. The exercise of these rights may vary depending on the data protection laws that apply to us both in relation to your personal data.
If you wish to exercise any of these rights, then please contact our Data Protection Officer at email@example.com. If we can’t deal with any of your requests then we’ll get back to you and explain the reasons why. We’ll aim to get back to you within one month. For more complicated requests, or for many requests, we might take longer, but we’ll tell you if there’s a delay and the reasons why.
If you wish to exercise any of these rights in relation to personal data that we process on behalf of our customers who use our services, then please direct your request to the relevant customer who is the controller of such data.
We only share your data with third party service providers, known as subprocessors, for the purposes set out in this notice. These providers are limited to only accessing or using this data to provide services to us.
We do not sell, rent, exchange or allow your data to be used by third parties for their own marketing purposes.
Before we engage a subprocessor, we carry out a detailed audit to ensure that they have necessary security measures in place, and that they comply with all relevant data protection and privacy laws. We enter into contracts with each subprocessor that ensure that they provide the same levels of protection that we agree to provide you under our Master Service Agreement, our Data Protection Addendum and this Privacy Notice.
We maintain appropriate administrative, physical, and technical safeguards to protect the security, confidentiality and integrity of your personal information. We also take measures to ensure service providers that process personal data on our behalf also have appropriate security controls in place.
Please note that no service is completely secure. While we strive to protect your data, we cannot guarantee that unauthorized access, hacking, data loss or a data breach will never occur.
There are various steps that you can take to protect the confidentiality of your Visit Time account and protect it from unauthorized use, such as the implementation of two factor authentication and using a strong password policy on your account.
Please contact us immediately if you think your password or Visit Time account has been compromised.
Once you delete your Visit Time account we will delete Customer and Application Data in accordance with the schedule set out below.
We reserve the right to retain personal data for longer than these periods only if:
We reserve the right to contact you using your contact information during the 30 day period between the date you delete your account, and the date we delete your account data from our systems.
|Type of data||Retention and deletion procedures|
|Customer and Application Data held in a Visit Time account (with a paid subscription) when you delete your account or there is a payment failure.||After 30 days we will delete all Customer Data, (including name and email), together with all your Application Data from our production databases. After a further 30 days, your Customer and Application data will be deleted from our backup systems.|
|Customer and Application Data held in a non-paid account with an expired trial, or when you delete your non-paid account.||After 60 days (unless you have started a trial of another one of our products, or you have purchased a paid service plan) we delete all Customer Data (including name and email) together with all your Application Data from our production databases. After a further 30 days, your Customer and Application Data is deleted from our backup systems.|
|Communications with Visit Time, including our Sales, Customer Success and Privacy teams held in our customer service application.||We retain sales records for accounting and tax purposes depending on, and in accordance with, applicable tax law.|
|Credit card and PayPal information used for billing purposes when you delete your account.||After 30 days we delete credit card and PayPal payment data held in our internal PCI compliant billing databases. After a further 30 days, this payment data is deleted from our backup systems.|
|Email and contact information used for marketing purposes.||Your contact data is deleted from our marketing database when you unsubscribe or opt out of receiving marketing emails.|
|Cookies and tracking technologies.||How long we retain this data depends on the type of cookie or tracking technology being used, and the choices you make about cookies and tracking technologies. We do not place cookies on customer booking pages.|