At Bill4Time, trust is the foundation of our relationship with thousands of people and businesses around the world, and we’re dedicated to being worthy of this trust. That’s why we’ve updated our Terms of Service Agreement.
These updates come in preparation for important regulation changes going into effect on May 25, 2018 and will help us continue protecting your privacy and data to the highest possible standard.
Here’s a summary of the key changes:
Terms of Service. As part of the General Data Protection Regulation (GDPR), a new legal framework for handling and protecting the personal data of European Union residents coming into effect on May 25, 2018, some countries in Europe have recently implemented regulations increasing their age of digital consent. To bring our Services in line with these regulations, we’ve revised the minimum age requirement to use Bill4Time to 16 in those countries and all others that have increased the age of digital consent. Please check your local law to see if you meet the age requirement.
Data Collection and Processing. We’ve updated our Terms of Service to give you more information about the information we collect, how we use it and the rights you have in relation to this information. This includes additional details about the legal bases in place for processing your personal data, how usage information helps us improve our services and develop new features, and how long we keep your data. We’ve also provided details on how you can control your personal information.
Privacy and Security. We respect your privacy rights and promise to provide you with reasonable access to the Personal Data that you may have provided through your use of Bill4Time. Part of keeping our service secure is making sure that people who work at Bill4Time understand how to be security conscious and recognize suspicious activity. This includes vendors we use to help us provide our services. We are committed to providing customers with information they may need for their own GDPR planning, and also commit to promptly notifying business customers of a security incident related to the data they’ve trusted Bill4Time to protect.
The updated Terms of Service takes effect on May 25, 2018.
GDPR: The basics
GDPR is an EU law that strengthens existing data protection laws. It comes into force on May 25, 2018.
The aim of GDPR is to ensure we treat people’s data with respect. You need to have a legal right to collect and process data. It needs to be stored in a secure, appropriate way. People need to be able to easily find out what data you hold on them. If they ask you to correct or delete it, you must do so promptly.
How will Bill4Time comply with the GDPR?
- Trust is the foundation of our relationship with thousands of people and businesses around the world. We greatly value the confidence you’ve put in us and take the responsibility of protecting your data seriously.
- Bill4Time places the utmost importance on data protection and has a track record of staying ahead of the compliance curve. For example, we work with trusted third-party leaders in data security who’ve achieved ISO 27018 certification, the internationally recognized standard for leading practices in cloud privacy and data protection.
- Bill4Time’s Product, Support, and Privacy teams have carefully analyzed the GDPR and are undertaking the necessary steps to ensure that we comply.
What are your obligations under the GDPR?
- It is important to remember that you, as the business customer and the data controller, have specific legal obligations under the GDPR.
- You should be confident that any providers (data processors) which you work with have a highly robust approach to data protection, understand the obligations of the GDPR and are well prepared to meet them.
- Remember, however, that no provider can offer to “solve” GDPR compliance for you.
- This post sets out our approach to working together to keep your data secure and helps make clear Bill4Time’s responsibilities and our customers’ responsibilities.
GDPR: Key changes
The GDPR brings with it a shift in mindset. It expressly introduces several principles that previously underpinned data protection law, such as the “accountability principle” and “privacy by design,” and encourages organizations to take more responsibility for protecting the personal data they handle.
Privacy by design: This means that organizations handling personal data need to think about data protection when designing systems, not just review privacy implications after a product or process is developed. If you process a lot of data or deal with sensitive information, in many cases you’ll also need to conduct data protection impact assessments to meet the privacy by design principle.
User rights: The GDPR expands the existing set of user rights and creates several entirely new rights. Companies should review and ensure they have effective systems in place to give effect to these rights.
Tougher breach notification rules: Under the GDPR, organizations are required to have a strong breach notification system in place and understand their specific reporting obligations.
Accountability: Not only must your company adhere to the principles set out in the GDPR, but you must also demonstrate that compliance in line with the principle of accountability. This requires a comprehensive and clear internal privacy governance structure.
Data protection officer: The GDPR requires companies that engage in processing of EU user data to determine if they should appoint a Data Protection Officer. Companies that routinely process large volumes of information or particularly sensitive information should consider appointing a DPO.
The Google Analytics service is provided by Google Inc. You can opt out of having your information used by the Google Analytics service by installing the Google Analytics Opt-out Browser tool: tools.google.com/dlpage/gaoptout. For more information on the privacy practices of Google, please visit the Google Privacy & Terms web page: www.google.com/policies/privacy.