Last updated: 27/11/2020
ClockRite Cloud is a SaaS (software as a service) product designed to provide a Time & Attendance management solution for organisations and employers (Client Organisations). It is supplied in the United Kingdom and Republic of Ireland by Motor Industry Management Systems Ltd (the Company), trading as “ClockRite”.
MIM Systems (ClockRite) may change this Policy from time to time by updating this page. Client Organisations and Individual Users should check this page from time to time to ensure that they are happy with any changes.
The data controller in respect to the Service is Motor Industry Management Systems Limited (trading as ClockRite) a company with a registered office at Dunston Innovation Centre, Dunston Road, Chesterfield, Derbyshire, S41 8NG. Motor Industry Management Systems Limited is a registered data controller with the Information Commissioner’s Office.
Categories of Data
Personal data processed by the Service concerns Individual Users and is carried out in the legitimate interest of providing a time and attendance solution for Client Organisations in the United Kingdom and Republic of Ireland.
The personal data processed by the Service concerns the following basic categories of data and may include some or all of the given examples:
- Personal Information: such as Legal Name, Legal Gender, Date of Birth, National Insurance Number;
- Contact Information: such as Home Address, Mailing Address, Personal Phone Number, Personal Email Address, Work Phone Number, Work Email Address, Emergency Contact Information;
- Employment Information: such as Employment Start Date, Job Role/Title, Employment Type (full time, part time, seasonal, etc), Employee ID, Work Location(s), Department, Supervisor;
- Payroll Information: such as Pay Group/Frequency, Pay Type, Pay Rate, Estimated Hours Worked Per Week, Annual Base Salary, Annual Benefit Salary;
- Attendance Information: such as Scheduled/Actual Clocking Times, Clocking Status (in/out/break/job), Clocking Location, Clocking Method, Scheduled/Actual Shift Times, Overtime Hours, Paid Absence Hours, Unpaid Absence Hours, Total Hours, Total Pay;
- Special Category Data: such as dactyloscopic or facial biometric signature(s) of the data subject.
This data may be subject to any or all of the following basic processing activities:
- Creation of related Individual User records in the Service
- Confirmation of attendance and calculation of hours worked, overtime entitlement, total pay, and other relevant time and attendance information
- Processing of absence and leave data in order to calculate associated hours and pay information
- Calculation of time and attendance data for reporting and export to payroll
- Access by the Company and/or GetHired, Inc. for implementation and ongoing product support purposes
Transfer of Data
Data may be transferred outside the EEA to GetHired, Inc. in their capacity as a data processor on behalf of the Company. GetHired, Inc. provide and/or make available the Service directly to Client Organisations and authorised Individual Users by means of establishing Client Organisation accounts on a hosted platform. GetHired, Inc. may also provide onboarding and product support services for the Service. Any such transfer and subsequent processing of data is subject to a DPA between the Company and GetHired, Inc. and will only be carried out as far as is necessary for the provision and ongoing support of the Service.
Security of Data
The Company is committed to ensuring that the Service is secure. In order to prevent unauthorised access or disclosure, the Company has put in place suitable physical, electronic and managerial procedures to safeguard and secure the information processed by the Service.
While all reasonable precautions are taken to ensure the security and integrity of data, neither the Company nor GetHired, Inc. can ensure absolute security. In case of a breach or loss of data, affected parties will be notified in accordance with applicable legislation.
Retention and Deletion of Data
Under normal circumstances data will be retained for as long as the Client Organisation maintains an active subscription to the Service. It is the responsibility of the Client Organisation to audit and maintain data for authorised Individual Users, and to determine if/when such data should be removed from the Service. On termination of the Client Organisation account all data will be marked for deletion and thereafter may be deleted permanently from the Service without guarantee of recovery.
For Client Organisations
All data is entered into the Service by the Client Organisation, or at the direct request of the client organisation during the implementation phase.
For Individual Users
All data is used solely within the context of the Service and will not be subject to any other processing activities. Individual Users should contact their Client Organisation (or the Client Organisation’s nominated representative) in the first instance with any queries or requests relating to the data processed by the Service, including circumstances wherein the Individual User believes such information to be incorrect.
Certain elements of the Service may collect device geo-location data in order to provide location related functionality (such as deciding whether a clocking was made within an allowed location as designated by the Client Organisation). Individual Users may stop sharing location data at any time, but this may impact the functionality of the Service and the accuracy of generated attendance data.
Individual Users have the following rights under law regarding their personal information:
- The right to be informed about the collection and use of personal information
- The right of access to information to verify the legality of its use
- The right to request that inaccurate or incomplete information is rectified
- The right to request the deletion or removal of information where there is no further reason for it to be used
- The right to restrict the use of information
- The right to obtain and reuse the information
- The right to object to certain uses (such as for marketing purposes)
- The right not to be subject to a decision that has a legal effect that has been based on an automated decision
These rights are listed in summary only. To learn more about these rights and how they apply to personal data Individual Users should see the following information provided by the ICO:
Individual users may request details of personal information which the Company holds about them. A small fee may be payable in certain cases to cover administration costs. Should Individual Users wish to exercise this or indeed any of their rights under the GDPR they should write to Kevin Churn, who is the Company’s nominated data Controller for this purpose.