Privacy Policy and Data Protection

At Truein (including its subsidiaries or affiliated companies, henceforth also referred to as ‘Truein’, ‘we’ or the ‘Company’), we understand that you are trusting us with confidential information and we believe that you have a right to know our practices regarding the information we may collect and use when you use our service or interact with us in any manner.

Truein is a cloud-based SaaS platform that enables organizations to manage Time & Attendance and other related services. Truein Mobile Apps are also part of the same offering. In addition, Truein also operates the Truein.com website. A User may be either an entity, for example an employer which has executed an agreement with Truein or with Truein’s resellers or distributors who provide Truein’s services (“Customer”), or a Customer’s users, for example a Customer’s employees, of the Services or users of the Website (“End User(s)”) (Customer and End User shall collectively be referred to as “Users” or “you”).

The Account owner is the Truein account’s Administrator for his/her company’s account created in Truein. The Account owner has full rights over the company account data, and he/she can create other company users and grant them data access permissions. The Account owner is responsible for all the data entered, employees’ images, demographic data and any other data related to the company employees and users.

This Privacy Policy describes the policies and procedures of  Truein on the collection, use, access, correction, and disclosure of  your personal information on Truein.com (the “Site”), our Mobile Apps  and Admin Web Dashboard. Your personal information will include any  information which, either alone or with other data, is reasonably  available to Us and relates to you (“Personal Information”). This  Privacy Policy also covers any of your Personal Information which is  provided to Us and which is used in connection with the marketing of the services, features or content We offer (the “Services”) to Our Clients  and/or the support that We may give you in connection with the provision of our Services and the Mobile Apps.

This Privacy Policy does not apply to any third party  applications or software that can be accessed from the Site, the  Services or the Mobile Apps, such as social media websites or partner  websites (“Third Party Services”). By using our Services, you  acknowledge you have read and understood this privacy policy.

For the purposes of GDPR or European Economic Area data protection law (the “Data Protection Law”), the data controller of the data processed through the Service is the Customer who makes available and permits End Users to access and use the Service or anyone on its behalf. For data retained through the website or data processed not through the Service (i.e. contact details of potential customers or resumes sent to us from potential employees for the purpose of engagement with Truein), Truein is the controller (the “Controller”).

Information we collect about you and how we use it

Personal Information
We generally collect and process the following types of Personal Information:
Personal Information which is being gathered through the Service consists of any personal details  provided consciously and voluntarily by a Customer (Employer), End User  or the Customer’s administrator or through your use of the Truein platform.

This may include your name  (first and last), birthdate, gender, nationality, job title, phone  number(s), date you first started working for your employer, department  you work in, employee ID, address, country, city, postcode, your bank  account details (bank name, account number, branch address), termination date, termination reason, status in the system and in the workplace, IP address, Government ID details and other unique identifiers,  information the Customer chooses to collect and other information User  may choose to provide to Truein and to its employee.

Location Information
If you are using the  Truein User App (Employee self service app), we will capture your  geolocation for time keeping purposes. The GDPR legal basis for  processing this information is the contractual obligation to your  employer to perform the Services. If you are using the Truein Kiosk App, your employer may enable GPS to capture geo-location for time keeping  purposes.

Contact Information
When you express an interest in obtaining additional information about the  Services, the Site, or Mobile Apps, Truein may ask you to provide your  personal contact information, such as your name, email address, and  phone number. This information is used to communicate with you by  responding to your requests, comments and questions. The GDPR legal  basis for processing this information is the legitimate interest in  communicating with you and answering your questions.

Biometric & Attendance Information
We collect biometric data through our facial recognition feature to record clock in/clock out, if the employer has requested logging in through face recognition. The face biometric is not used for any other purpose apart from enabling the attendance related services. The registered face is retained for as long as the user is active and requires face recognition based attendance services. This face data will be removed when the user is removed by the Account Owner. Also, the Account Owner can choose to remove the registered face of any active user if it is no longer required as per organization processes. We do not share face data with any external third parties except the subprocessor required for operation of the App and to perform related services of user identification for time clocking. The subprocessors do not store a user’s face after the processing is done.


We collect time entry and  attendance data when you use the App. The GDPR legal basis for  processing this information is the contractual obligation to your  employer to perform the Services.

Device Information
When using the Mobile Apps, We may request access to your device’s camera  and photo storage. This allows you to take and upload pictures and such  access would only be used in ways you choose. You may at any time revoke access at the device level. We do not access your device’s camera and  photo storage without your permission. When you download and use the  Mobile Apps, We automatically collect your device information such as  operating system version, type, hardware usage statistics, etc. The GDPR legal basis for processing this information is the contractual  obligation to your employer to perform the Services.

Non-personal Information
The first type of Data is non-identifiable and anonymous information (“Non-personal Information”). We are not aware of the identity of the User from which we have collected Non-personal Information. Non-personal Information is any unconcealed information which is available to us while Users are using the Service or the Website. Non-personal Information which is being gathered consists of technical information and behavioral information, which may include the User’s Internet protocol (IP) address used to connect your computer to the Internet, your uniform resource locators (URL), operating system, type of browser, browser plug-in types and versions, screen resolution, Flash version, time zone setting, the User’s ‘click-stream’ on the Website and Services, the period of time the User visited a specific page on the Website or Service, and methods used to browse away from a page.

Data Collected as a Service Provider
As a service provider, Truein systems only collect information as per the Customer’s (employer’s) requirement. Our Subscription Agreement governs the delivery, access, and use of the Services and Mobile Apps, including the processing of Personal Information and data submitted through Services accounts. The Customer (e.g., your employer) controls their Platform and any associated client data. If you have any questions about specific Platform settings, the processing of Personal Information in the Platform, or its privacy practices, please contact the Customer administrator of the Platform you use.
As a data processor we can provide a data processing agreement to the Account owners. If you are an Account owner, you must comply with the GDPR. Customer is responsible for collecting any necessary consent, providing any notice where necessary to their respective end-users, and complying with applicable data protection laws. You can request a data processing agreement from us by emailing [email protected].

Disclosure of Personal Data

Third Party Services
At times, you may be able to access other Third Party Services through the Site, for example by clicking on links to those Third Party Services  from within the Site. We are not responsible for the privacy policies  and/or practices of these Third Party Services, and you are responsible  for reading and understanding those Third Party Services’ privacy  policies.

Information Shared with Our Service Providers
We will not share personal information about you with any third party  unless we have your permission or under the following circumstances:

  • To facilitate the operation of the App and Service and to perform related services. For example and without limitation, maintenance services, database management, web analytics and improvement of the Service’s features or to assist us in analyzing how our App and Service are used. A third party here may have access to the personal information needed to perform their functions but it may not use it for other purposes.

  • In certain situations, We may be required to disclose Personal Information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. We also reserve the right to access, read, preserve, and disclose any information as We reasonably believe is necessary to (i) satisfy any applicable law, regulation, legal process or governmental request; (ii) enforce this Privacy Policy, including investigation of potential violations hereof; (iii) detect, prevent, or otherwise address fraud, security, or technical issues; (iv) respond to user support requests; or (v) protect Our rights, property, or safety. This includes exchanging information with other companies and organizations for fraud protection and spam/malware prevention. We require all third parties to respect the security of your Personal Information and to treat it in accordance with applicable laws. We do not allow third party service providers and Sub-Processors We share your Personal Information with to use it for their own purposes and only permit them to process your Personal Information for specified purposes in accordance with Our instructions. Except as set forth above, you will be notified when your Personal Information is shared with third parties, and will be able to prevent the sharing of this information. Unless We otherwise have your consent, We will only share your Personal Information in the ways that are described in this Privacy Policy.

Data Retention

Any Customer may request information regarding the storage and retention of data (“Audit”) by contacting us. Truein shall make reasonable efforts to respond to the Audit in a reasonable time and subject to applicable law and to the protection of Truein’s trade secrets (Customer’s personnel may be required to execute a non-disclosure agreement). Truein will retain data it processes on behalf of its Customers only for as long as required to provide the Service to its Customers and as necessary to comply with its legal obligations, resolve disputes and enforce its agreements. The data in Truein is backed up for system continuity purposes.

Each User must keep an appropriate backup of its data. Truein shall not be responsible for any deletion of data or for any breach of the database or for any erroneous data unless otherwise agreed with its Customer.
After a termination of  services by a customer, We may begin the process to permanently delete the data after 30 days. Once begun, this process cannot be reversed and  data will be permanently deleted. Some data will not be deleted and  shall be kept in an anonymized manner.

Truein collects and retains metadata and statistical information concerning the use of the Service which are not subject to the deletion procedures in this policy and may be retained by Truein for no more than required to conduct its business. Some data may be retained also on our third-party service providers’ servers in accordance with their retention policies. You will not be identifiable from this retained metadata or statistical information.

Customer may retain Personal  Information and other Data about an End User which the Controller owns and the End User may have no access to. If you have any questions about  the right of the Customer to retain and process your Personal Information you should raise this directly with the Customer. You hereby agree not to assert any claim against Truein in this regard and waive any rights regarding such Data and Personal Information including the right to view and control such Data and Information.

Some metadata and statistical information concerning the use of the Service are not subject to the deletion procedures in this policy and may be retained by Truein. We will not be able to identify you from this data.
Anonymized aggregated data may be retained by Truein for as long as it is required to provide its services. Contracts and billing information may be retained as required  by Truein.

Where do we store your Data?
The Data we collect is hosted in AWS and Google Cloud data centers in India, which provide advanced security features and are compliant with the ISO 27001 standard. Truein services are provided globally and we are headquartered in India.

Data Security and Storage of information

We have implemented measures designed to secure your personal data from accidental loss and from unauthorized access, use, alteration and disclosure. The safety and  security of your information also depends on you. Where we have given you (or where you have chosen) a password for access to certain parts of the Services, you are responsible for keeping this password confidential. We ask you not to share your password with anyone. Steps  taken to ensure data security:
(a) All the user information can only be accessed by authorized users;
(b) Users need to authenticate themselves with a username-password combination; and
(c) All data is hosted on Amazon AWS and Google Cloud.



However, the transmission of information via public networks such as the  internet is not completely secure. Although we do our best to protect  your personal data, we cannot guarantee the security of your personal  data transmitted through the Services. Any transmission of personal data is at your own risk. We are not responsible for the circumvention of  any privacy settings or security measures contained on the Services.



The Personal Information is hosted on Amazon AWS in India, which provides advanced security features and is compliant with the ISO 27001 standard, among other certifications, as listed here: https://aws.amazon.com/compliance/iso-certified

Truein limits access to personal data to those of its personnel who: (i) require access in order for Truein to fulfill its obligations under this Privacy Policy and agreements executed with Truein; (ii) have been appropriately and periodically trained on the requirements applicable to the processing, care and handling of the Personal Information; and (iii) are under confidentiality obligations as required under applicable law.
Truein shall act in accordance with its policies to promptly notify Customer in the event  that any personal data processed by Truein on behalf of Customer is lost, stolen, or where there has been any unauthorized access to it subject to applicable law and instructions from any agency or authority. Furthermore, Truein undertakes to cooperate with Customer in investigating and remedying any such security breach. In any security breach involving Personal Information, Truein shall promptly take remedial measures, including without limitation, reasonable measures to restore the security of the Personal Information and limit unauthorized  or illegal dissemination of the Personal Information or any part thereof.

To the extent Company processes any Customer Personal Data (as defined in the DPA) on behalf of Customer in connection with the provision of the Services, the data protection addendum at https://www.truein.com/dpa (“DPA”) as may be updated by Truein from time to time if required by applicable law, which is hereby incorporated by reference, shall apply and the parties agree to comply with such terms. For the purposes of the Standard Contractual Clauses (as defined in the DPA) which form part of the DPA, when and as applicable, Customer and its Affiliates are each the data exporter, and Customer’s signing of or entering into this Agreement, and an applicable Affiliate’s signing of or entering into an Order Form, shall be treated as signing of the Standard Contractual Clauses and their Annexes.

Your Rights associated with your information

If we are storing your personal information, you have the following rights to your information based on the services and your region.

In the event that you have provided Personal Information to Us on our website Truein.com, we will provide you with information about whether we hold any of your Personal Information. You may access, correct, or request deletion of your Personal Information by contacting Us at [email protected]. We will respond to your request within a reasonable timeframe.

When acting as a service  provider of Our Customer, Truein has no direct relationship with the individuals whose Personal Information is provided to Truein through the Services. An individual who is or was employed by one of Our Customers  and who seeks access to, or who seeks to correct, amend, object to the  processing or profiling of, or to delete his/her Personal Information in the Platform, should direct his/her query to the HR or concerned  department of the Customer Organization that uses the Platform and for  which he/she works or used to work if he/she cannot make the appropriate changes via its access to the Platform provided by the Customer. Your account owner has taken consent from the organization employees for all of your personal data shared with us. For the execution of any rights, including withdrawal of consent, you have to approach your account owner to facilitate the same.

Our customers and their end-users can request to access, correct, and modify their personal data stored on the Truein platform. End-users can also contact us at [email protected] if they would like to access, correct, or remove their personal data. As a Processor, we will forward these requests to the relevant customers and help them respond, if needed.
You have the following rights regarding your Personal Information that we collect directly from you and that we control. (This does not apply to data collected by our customer organizations where We are the Processor of data):

Right of Access
What does it mean?
Individuals will have the right to request access to the personal data.

How Truein complies?
You can request details of your Personal Information We hold. We will confirm whether We are processing your Personal Information and We will disclose additional information including the types of Personal Information, the sources it originated from, the purpose and legal basis for the processing, the expected retention period and the safeguards regarding data transfers to non-EEA countries, subject to the limitations set out in applicable laws and regulations. We will provide you free of charge with a copy of your Personal Information.

Right of rectification
What does it mean?
Individuals will have the ability to rectify any missing or incorrect or outdated information that has been stored about them.

How Truein complies?
At your request, We will correct incomplete or inaccurate parts of your Personal Information, although We may need to verify the accuracy of the new information you provide us.

Right to be forgotten
What does it mean?
Individuals will be able to request to delete their personal data or submit a  “request to be forgotten” at any time if they no longer want their data  to be stored or processed.
How Truein complies?
At your request, We will delete your Personal Information if: 

  • it is no longer necessary for Us to retain your Personal Information; 

  • you object to the processing of your Personal Information (see below) and  there are no overriding legitimate grounds for such processing;

  • the Personal Information was processed illegally;

  • the Personal Information must be deleted for Us to comply with Our legal obligations.

We will decline your request for deletion if processing of your Personal Information is necessary: 1. for Us to comply with Our legal obligations; 2. for the establishment, exercise or defense of legal claims; or 3. for the performance of a task in the public interest.

Right to restrict processing
What does it mean?
Individuals have the right to request a restriction on the processing of their  personal data, pertaining to certain conditions or circumstances. When  processing is restricted, data controllers are permitted to store the  personal data, but not use it. An individual can make a request for  restriction verbally or in writing. Organizations will have one calendar month to respond to the request for restriction.

How Truein complies?
At your request, We will restrict the processing of your Personal Information if: 

  • you dispute the accuracy of your Personal Information;

  • your Personal Information was processed illegally and you request a  limitation on processing rather than the deletion of your Personal  Information;

  • We no longer need to process your Personal Information, but you need your Personal Information in connection with the establishment, exercise or defense of a legal claim; or

  • you object to the processing of your Personal Information pending  verification as to whether an overriding legitimate ground for such  processing exists.

We may continue to store your Personal Information to the extent required  to ensure that your request to restrict processing is respected in the  future.

Right to data portability
What does it mean?
Individuals have the right to transfer data from one electronic processing system to and into another electronic processing system at will, and if requested, companies have the new GDPR standard of 30 days to comply with the request. For example: switching from one social network to another or from one cloud provider to another.

How Truein complies?
At your request, We will provide you free of charge with your Personal  Information in a structured, commonly used and machine readable format,  if:

  • you provided Us with your Personal Information;

  • the processing of your Personal Information is required for the performance of a contract;

  • or the processing is carried out by automated means.

Right to object
What does it mean?
Under GDPR, individuals have the “right to object”, i.e. the data controllers can say that they no longer want the personal data processing to be carried out. In practice, the data subject can exercise the right to object more so with things related to direct marketing.

How Truein complies?
Where We rely on Our legitimate interests (or that of a third party) to  process your Personal Information, you have the right to object to this  processing on grounds relating to your particular situation if you feel  it impacts on your fundamental rights and freedoms. We will comply with  your request unless We have compelling legitimate grounds for the  processing which override your rights and freedoms, or where the  processing is in connection with the establishment, exercise or defense  of legal claims. We will always comply with your objection to processing your Personal Information for direct marketing purposes.

Rights in Relation to Automated Decision Making and Profiling
What does it mean?
GDPR has provisions on making a decision based solely on automated means without any human involvement, and also on automated processing of personal data to evaluate certain things about an individual, i.e. profiling. Profiling can be part of an automated decision-making process. GDPR applies to all automated individual decision-making and profiling.

How Truein complies?
You will not be subject to decisions with a legal or similarly significant  effect (including profiling) that are based solely on the automated  processing of your Personal Information, unless you have given Us your  explicit consent or where they are necessary for the performance of a  contract with Us.

Right to withdraw consent
You have the right to  withdraw any consent you may have previously given Us at any time. In  order to exercise your rights in this section We may ask you for certain identifying information to ensure the security of your Personal  Information. To request to exercise any of the above rights, please  contact Us at [email protected]. We will respond to your request within 30 days or provide you with reasons for the delay.

Usually, We will not charge you any fees in connection with the exercise of your rights. If your request is manifestly unfounded or excessive, for example, because of its repetitive character, We may charge a reasonable fee, taking into account the administrative costs of dealing with your request. If We refuse your request We will notify you of the relevant reasons.

Cookies

The Truein.com site also includes certain components transmitted by Google Analytics, a web traffic analysis service provided by Google, Inc. (“Google”). Google Analytics uses “cookies” to collect and analyze anonymous information about site usage behavior on truein.com (including your IP address). This information is collected by Google Analytics, which processes it in order to draw up reports for the truein.com operators about the activities on the websites themselves. This site does not use (and does not allow others to use) the Google Analytics tool to track or collect personally identifiable information. Google will not associate your IP address with any other data held by Google or seek to link an IP address with the identity of a user. Google can also communicate this information to third parties unless required by law or where such third parties process the information on Google’s behalf. For more information, please see the given link: https://www.google.it/policies/privacy/partners/ You can selectively disable Google Analytics by installing on your browser the opt-out component provided by Google. To disable the action of Google Analytics, please refer to the link given below: https://tools.google.com/dlpage/gaoptout

Holding Information On Minors

The Service is not directed to minors and we do not knowingly collect personal information from them. The Service can only be used by those who have reached the age of majority in the State and Province in which they reside.

If we learn that we have collected personal information of a minor then we will take steps to delete such information from our files as soon as  possible.

Email Opt Out Procedure

If you no longer wish to receive  marketing communications from Truein, you may click on the “unsubscribe” link located on the bottom of our marketing emails or you can contact  us at [email protected]. If you would like to object to the use of your Personal Data for analytics, you can contact us at [email protected].

Changes to our Privacy Policy

The terms of this Privacy Policy will govern the use of the Service and any information collected in  connection therewith, however, Truein may amend or update this Privacy  Policy from time to time.

All changes to this Privacy Policy  are effective as of the stated “Last Revised” date and your continued  use of Services will constitute your active acceptance of, and agreement to be bound by, the changes to the Privacy Policy. 

If we make material changes to how we treat our users’ personal data, we will notify you by e-mail to the primary e-mail address specified in your account. You are responsible for ensuring we have an up-to-date active and deliverable e-mail address for you, and for periodically visiting our Website and this Policy to check for any changes.

If you have any questions (or  comments) concerning this Privacy Policy, send us an email or otherwise  contact us at [email protected] and we will make an effort to reply  within a reasonable timeframe, and not over 30 business days.


This version of our Privacy Policy is effective from 1 Jan 2023