Terms of Service
Welcome to timeTracko.com (“Company,” “we,” “our,” “us”)!
These Terms of Service (“Terms,” “Terms of Service”) govern your use of our website located at https://timetracko.com (together or individually “Service”) operated by timeTracko.com.
If you do not agree with (or cannot comply with) these Terms, then you may not use the Service, but please let us know by emailing us at firstname.lastname@example.org so we can try to find a solution. These Terms apply to all visitors, users, and others who wish to access or use Service.
By using our Service, you agree to subscribe to newsletters, marketing or promotional materials, and other information we may send. However, you may opt out of receiving any or all of these communications from us by following the unsubscribe link or emailing email@example.com.
If you wish to purchase any product or service made available through Service (“Purchase”), you may be asked to supply certain information relevant to your Purchase including but not limited to your credit or debit card number, the expiration date of your card, your billing address, and your shipping information.
You represent and warrant that:
- You have the legal right to use any card(s) or other payment method(s) in connection with any Purchase
- The information you supply to us is true, correct, and complete.
We reserve the right to refuse or cancel your order at any time for reasons including but not limited to product or service availability, errors in the description or price of the product or service, error in your order, or other reasons.
We reserve the right to refuse or cancel your order if fraud or an unauthorized or illegal transaction is suspected.
4. Contests, Sweepstakes, and Promotions
Our Services are billed on a subscription basis ("Subscription(s)"). You will be billed in advance on a recurring and periodic basis ("Billing Cycle"). Billing cycles will be set depending on the type of subscription plan you select when purchasing a Subscription.
At the end of each Billing Cycle, your Subscription will automatically renew under the same conditions unless you cancel it or timeTracko.com cancels it. You may cancel your Subscription renewal either through your online account management page or by contacting our customer support team at firstname.lastname@example.org.
A valid payment method is required to process the payment for your subscription. You shall provide timeTracko.com with accurate and complete billing information that may include but not be limited to full name, address, state, postal or zip code, telephone number, and valid payment method information.
By submitting such payment information, you automatically authorize timeTracko.com to charge all Subscription fees incurred through your account to any such payment instruments.
Should automatic billing fail to occur for any reason, timeTracko reserves the right to terminate your access to the Service with immediate effect.
6. Free Trial
timeTracko may, at its sole discretion, offer a Subscription with a free trial for a limited time ("Free Trial").
You may be required to enter your billing information to sign up for Free Trial.
If you do enter your billing information when signing up for Free Trial, you will not be charged by timeTracko.com until Free Trial has expired. On the last day of the Free Trial period, unless you canceled your Subscription, you will be automatically charged the applicable Subscription fees for the type of Subscription you have selected.
At any time and without notice, timeTracko reserves the right to (i) modify the terms of the Free Trial offer or (ii) cancel such Free Trial offer.
7. Fee Changes
timeTracko, in its sole discretion and at any time, may modify Subscription fees for the Subscriptions. Any Subscription fee change will become effective at the end of the then-current Billing Cycle.
timeTracko will provide you with reasonable prior notice of any change in Subscription fees to allow you to terminate your Subscription before such change becomes effective.
Your continued use of Service after the Subscription fee change comes into effect constitutes your agreement to pay the modified Subscription fee amount.
We issue refunds for Contracts within 30 days of the Contract’s original purchase.
Our Service allows you to post, link, store, share and otherwise make available certain information, text, graphics, videos, or other material (“Content”). You are responsible for Content that you post on or through Service, including its legality, reliability, and appropriateness.
By posting Content on or through Service, you represent and warrant that: (i) Content is yours (you own it) and/or you have the right to use it and the right to grant us the rights and license as provided in these Terms, and (ii) the posting of your Content on or through Service does not violate the privacy rights, publicity rights, copyrights, contract rights, or any other rights of any person or entity. We reserve the right to terminate the account of anyone found to be infringing on a copyright.
You retain any of your rights to any Content you submit, post, or display on or through Service and are responsible for protecting those rights. We take no responsibility and assume no liability for Content you or any third party posts on or through Service. However, by posting Content using Service, you grant us the right and license to use, modify, publicly perform, publicly display, reproduce, and distribute such Content on and through Service. You agree that this license includes the right to make your Content available to other users of Service, who may also use your Content subject to these Terms.
timeTracko has the right but not the obligation to monitor and edit all users’ content.
In addition, Content found on or through this Service is the property of timeTracko.com or used with permission. You may not distribute, modify, transmit, reuse, download, repost, copy, or use said Content, whether in whole or in part, for commercial purposes or personal gain, without express advance written permission from us.
10. Prohibited Uses
You may use Service only for lawful purposes and in accordance with Terms. You agree not to use Service:
- In any way that violates any applicable national or international law or regulation.
- To exploit, harm, or attempt to exploit or harm minors in any way by exposing them to inappropriate content or otherwise.
- To transmit, or procure the sending of, any advertising or promotional material, including any “junk mail,” “chain letter,” “spam,” or any other similar solicitation.
- To impersonate or attempt to impersonate Company, a Company employee, another user, or any other person or entity.
- In any way that infringes upon others’ rights or is illegal, threatening, fraudulent, or harmful, or in connection with any unlawful, illegal, fraudulent, or harmful purpose or activity.
- To engage in any other conduct that restricts or inhibits anyone’s use or enjoyment of Service, or which, as determined by us, may harm or offend Company or users of Service or expose them to liability.
Additionally, you agree not to:
- Use Service in any manner that could disable, overburden, damage, or impair Service or interfere with any other party’s use of Service, including their ability to engage in real-time activities through Service.
- Use any robot, spider, or other automatic device, process, or means to access Service for any purpose, including monitoring or copying any of the material on Service.
- Use any manual process to monitor or copy any of the material on Service or for any other unauthorized purpose without our prior written consent.
- Use any device, software, or routine that interferes with Service’s proper working.
- Introduce any viruses, trojan horses, worms, logic bombs, or other material which is malicious or technologically harmful.
- Attempt to gain unauthorized access to, interfere with, damage, or disrupt any parts of Service, the server on which Service is stored, or any server, computer, or database connected to Service.
- Attack Service via a denial-of-service attack or a distributed denial-of-service attack.
- Take any action that may damage or falsify the Company rating.
- Otherwise, attempt to interfere with the proper working of Service.
We may use third-party Service Providers to monitor and analyze our service’s use.
12. No Use By Minors
Service is intended only for access and use by individuals at least eighteen (18) years old. By accessing or using Service, you warrant and represent that you are at least eighteen (18) years of age and with the full authority, right, and capacity to enter into this agreement and abide by all of the terms and conditions of Terms. If you are not eighteen (18) years old, you are prohibited from both the access and usage of Service.
When you create an account with us, you guarantee that you are above the age of 18 and that the information you provide us is accurate, complete, and current at all times. Inaccurate, incomplete, or obsolete information may result in the immediate termination of your account on Service.
You are responsible for maintaining your account and password’s confidentiality, including but not limited to the restriction of access to your computer and/or account. You agree to accept responsibility for any and all activities or actions that occur under your account and/or password, whether your password is with our Service or a third-party service. You must notify us immediately upon becoming aware of any breach of security or unauthorized use of your account.
You may not use as a username the name of another person or entity, a name that is not lawfully available for use, or a name or trademark that is subject to any rights of another person or entity other than you, without appropriate authorization. You may not use as a username any offensive, vulgar, or obscene name.
We reserve the right to refuse service, terminate accounts, remove or edit content, or cancel orders at our sole discretion.
14. Intellectual Property
Service and its original content (excluding Content provided by users), features, and functionality will remain the exclusive property of timeTracko.com and its licensors. Service is protected by copyright, trademark, and other foreign countries’ laws. Our trademarks may not be used in connection with any product or service without the prior written consent of timeTracko.
15. Copyright Policy
We respect the intellectual property rights of others. Our policy is to respond to any claim that Content posted on Service infringes on the copyright or other intellectual property rights (“Infringement”) of any person or entity.
If you are a copyright owner or authorized on behalf of one, and you believe that the copyrighted work has been copied in a way that constitutes copyright infringement, please submit your claim via email to email@example.com, with the subject line: “Copyright Infringement” and include in your claim a detailed description of the alleged Infringement as detailed below, under “DMCA Notice and Procedure for Copyright Infringement Claims.”
You may be held accountable for damages (including costs and attorneys’ fees) for misrepresentation or bad-faith claims that any Content found on and/or through Service infringes your copyright.
16. DMCA Notice and Procedure for Copyright Infringement Claims
You may submit a notification pursuant to the Digital Millennium Copyright Act (DMCA) by providing our Copyright Agent with the following information in writing (see 17 U.S.C. 512(c)(3) for further detail):
- an electronic or physical signature of the person authorized to act on behalf of the owner of the copyright’s interest;
- a description of the copyrighted work that you claim has been infringed, including the URL (i.e., web page address) of the location where the copyrighted work exists or a copy of the copyrighted work;
- identification of the URL or other specific location on Service where the material that you claim is infringing is located;
- your address, telephone number, and email address;
- a statement by you that you have a good faith belief that the disputed use is not authorized by the copyright owner, its agent, or the law;
- a statement by you, made under penalty of perjury, that the above information in your notice is accurate and that you are the copyright owner or authorized to act on the copyright owner’s behalf.
You can contact our Copyright Agent via email at firstname.lastname@example.org.
17. Error Reporting and Feedback
You may provide us with information and feedback concerning errors, suggestions for improvements, ideas, problems, complaints, and other matters related to our Service (“Feedback”), either directly at email@example.com or via third-party sites and tools. You acknowledge and agree that:
- you shall not retain, acquire or assert any intellectual property right or other rights, title or interest in or to the Feedback;
- Company may have developed ideas similar to the Feedback;
- Feedback does not contain confidential information or proprietary information from you or any third party, and
- Company is not under any obligation of confidentiality with respect to the Feedback.
In the event the transfer of the ownership to the Feedback is not possible due to applicable mandatory laws, you grant Company and its affiliates an exclusive, transferable, irrevocable, free-of-charge, sub-licensable, unlimited, and perpetual right to use (including copy, modify, create derivative works, publish, distribute and commercialize) Feedback in any manner and for any purpose.
18. Links To Other Websites
Our Service may contain links to third-party websites or services that are not owned or controlled by timeTracko.
timeTracko has no control over and assumes no responsibility for the content, privacy policies, or practices of any third-party websites or services. We do not warrant the offerings of any of these entities/individuals or their websites.
You acknowledge and agree that the company shall not be responsible or liable, directly or indirectly, for any damage or loss caused or alleged to be caused by or in connection with use of or reliance on any such content, goods, or services available on or through any such third-party websites or services.
We strongly advise you to read the terms of service and privacy policies of any third-party websites or services that you visit.
19. Disclaimer Of Warranty
These services are provided by the company on an “as is” and “as available” basis. Company makes no representations or warranties of any kind, express or implied, as to the operation of its services, or the information, content, or materials included therein. You expressly agree that your use of these services, their content, and any services or items obtained from us is at your sole risk.
Neither company nor any person associated with the company makes any warranty or representation with respect to the completeness, security, reliability, quality, accuracy, or availability of the services. Without limiting the foregoing, neither company nor anyone associated with company represents or warrants that the services, their content, or any services or items obtained through the services will be accurate, reliable, error-free, or uninterrupted, that defects will be corrected, that the services or the server that makes it available are free of viruses or other harmful components or that the services or any services or items obtained through the services will otherwise meet your needs or expectations.
Company hereby disclaims all warranties of any kind, whether express or implied, statutory, or otherwise, including but not limited to any warranties of merchantability, non-infringement, and fitness for particular purpose.
The foregoing does not affect any warranties which cannot be excluded or limited under applicable law.
20. Limitation Of Liability
Except as prohibited by law, you will hold us and our officers, directors, employees, and agents harmless for any indirect, punitive, special, incidental, or consequential damage; however it arises (including attorneys’ fees and all related costs and expenses of litigation and arbitration, or at trial or on appeal, if any, whether or not litigation or arbitration is instituted), whether in an action of contract, negligence, or other tortious action, or arising out of or in connection with this agreement, including without limitation any claim for personal injury or property damage, arising from this agreement and any violation by you of any federal, state, or local laws, statutes, rules, or regulations, even if company has been previously advised of the possibility of such damage. Except as prohibited by law, if there is liability found on the part of the company, it will be limited to the amount paid for the products and/or services, and under no circumstances will there be consequential or punitive damages. Some states do not allow the exclusion or limitation of punitive, incidental, or consequential damages, so the prior limitation or exclusion may not apply to you.
We may terminate or suspend your account and bar access to Service immediately, without prior notice or liability, under our sole discretion, for any reason whatsoever and without limitation, including but not limited to a breach of Terms.
If you wish to terminate your account, you may simply discontinue using Service.
All provisions of Terms which by their nature should survive termination shall survive termination, including, without limitation, ownership provisions, warranty disclaimers, indemnity, and limitations of liability.
22. Governing Law
These Terms shall be governed and construed in accordance with the laws of Australia, which governing law applies to this agreement without regard to its conflict of law provisions.
Our failure to enforce any right or provision of these Terms will not be considered a waiver of those rights. If any provision of these Terms is held to be invalid or unenforceable by a court, these Terms’ remaining provisions will remain in effect. These Terms constitute the entire agreement between us regarding our Service and supersede and replace any prior agreements we might have had between us regarding Service.
23. Changes To Service
We reserve the right to withdraw or amend our Service and any service or material we provide via Service, in our sole discretion without notice. We will not be liable if for any reason all or any part of Service is unavailable at any time or for any period. From time to time, we may restrict access to some parts of the Service, or the entire Service, to users, including registered users.
24. Amendments To Terms
We may amend the Terms at any time by posting the amended terms on this site. It is your responsibility to review these Terms periodically.
Your continued use of the Platform following the posting of revised Terms means that you accept and agree to the changes. You are expected to check this page frequently, so you know any changes, as they are binding on you.
By continuing to access or use our Service after revisions become effective, you agree to be bound by the revised terms. If you do not agree to the new terms, you are no longer authorized to use Service.
25. Waiver And Severability
No waiver by Company of any term or condition outlined in Terms shall be deemed a further or continuing waiver of such term or condition or a waiver of any other term or condition, and any failure of Company to assert a right or provision under Terms shall not constitute a waiver of such right or provision.
If any provision of Terms is held by a court or other tribunal of competent jurisdiction to be invalid, illegal, or unenforceable for any reason, such provision shall be eliminated or limited to the minimum extent such that the remaining provisions of Terms will continue in full force and effect.
By using Service or other services provided by us, you acknowledge that you have read these Terms of Service and agree to be bound by them.
27. Contact Us
Please send your feedback, comments, and requests for technical support by email to firstname.lastname@example.org.
Welcome to timeTracko.
timeTracko (“us,” “we,” or “our”) operates https://timetracko.com (from now on referred to as “Service”).
SERVICE means the https://timetracko.com website operated by timeTracko.
PERSONAL DATA means data about a living individual who can be identified from that data (or from that and other information either in our possession or likely to come into our possession).
USAGE DATA is data collected automatically either generated by the use of Service or Service infrastructure itself (for example, the duration of a page visit).
COOKIES are small files stored on your device (computer or mobile device).
DATA PROCESSORS (OR SERVICE PROVIDERS) means any natural or legal person who processes the data on behalf of the Data Controller. We may use various Service Providers’ services to process your data more effectively.
THE USER is the individual using our Service. The User corresponds to the Data Subject, the subject of Personal Data.
3. Information Collection and Use
We collect several different types of information for various purposes to provide and improve our Service to you.
4. Types of Data Collected
While using our Service, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you (“Personal Data”). Personally identifiable information may include, but is not limited to:
- Email address
- First name and last name
- Phone number
- Address, Country, State, Province, ZIP/Postal code, City
- Cookies and Usage Data
We may use your Data to contact you with newsletters, marketing or promotional materials, and other information that may be of interest to you. You may opt out of receiving any of these communications from us by following the unsubscribe link.
We may also collect information that your browser sends whenever you visit our Service or access Service by or through any device (“Usage Data”).
This Usage Data may include information such as your computer’s Internet Protocol (IP) address, browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers, and other diagnostic data.
When you access Service with a device, this Usage Data may include information such as the type of device you use, your unique device ID, the IP address of your device, your device operating system, the type of Internet browser you use, unique device identifiers and other diagnostic data.
Tracking Cookies Data
Cookies are files with a small amount of data that may include a unique anonymous identifier. Cookies are sent to your browser from a website and stored on your device. Other tracking technologies are also used, such as beacons, tags, and scripts, to collect and track information and improve and analyze our Service.
You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Service.
Examples of Cookies we use:
- Session Cookies: We use Session Cookies to operate our Service.
- Preference Cookies: We use Preference Cookies to remember your preferences and various settings.
- Security Cookies: We use Security Cookies for security purposes.
- Advertising Cookies: Advertising Cookies are used to serve you with advertisements that may be relevant to you and your interests.
While using our Service, we may also collect the following information: sex, age, date of birth, place of birth, passport details, citizenship, registration at the place of residence and actual address, telephone number (work, mobile), details of documents on education, qualification, professional training, employment agreements, NDA agreements, information on bonuses and compensation, information on marital status, family members, social security (or other taxpayer identification) number, office location, and other data.
5. Use of Data
timeTracko uses the collected data for various purposes:
- to provide and maintain our Service;
- to notify you about changes to our Service;
- to allow you to participate in interactive features of our Service when you choose to do so;
- to provide customer support;
- to gather analysis or valuable information so that we can improve our Service;
- to monitor the usage of our Service;
- to detect, prevent and address technical issues;
- to fulfill any other purpose for which you provide it;
- to carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collection;
- to provide you with news, special offers, and general information about other goods, services, and events which we offer that are similar to those that you have already purchased or enquired about unless you have opted not to receive such information;
- in any other way we may describe when you provide the information;
- for any other purpose with your consent.
6. Retention of Data
We will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period, except when this data is used to strengthen the security or improve our service’s functionality, or we are legally obligated to retain this data for longer periods.
7. Transfer of Data
Your information, including Personal Data, may be transferred to – and maintained on – computers located outside of your state, province, country, or other governmental jurisdiction where the data protection laws may differ from those of your jurisdiction.
If you are located outside Australia and choose to provide information to us, please note that we transfer the data, including Personal Data, to Australia and process it there.
8. Disclosure of Data
We may disclose personal information that we collect or that you provide:
If we or our subsidiaries are involved in a merger, acquisition, or asset sale, your Personal Data may be transferred.
Other cases. We may disclose your information also:
- To our subsidiaries and affiliates;
- To contractors, service providers, and other third parties we use to support our business;
- To fulfill the purpose for which you provide it;
- To include your company’s logo on our website;
- For any other purpose disclosed by us when you provide the information;
- with your consent in any other cases;
- If we believe disclosure is necessary or appropriate to protect the Company’s rights, property, or safety, our customers, or others.
9. Security of Data
Your data’s security is important to us but remember that no transmission method over the Internet or electronic storage method is 100% secure. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security.
10. Your Data Protection Rights Under General Data Protection Regulation (GDPR)
If you are a resident of the European Union (EU) or the European Economic Area (EEA), you have certain data protection rights covered by GDPR.
We aim to take reasonable steps to allow you to correct, amend, delete, or limit the use of your Personal Data.
If you wish to be informed what Personal Data we hold about you and if you want it to be removed from our systems, please email us at email@example.com.
In certain circumstances, you have the following data protection rights:
- the right to access, update, or to delete the information we have on you;
- the right of rectification. You have the right to have your information rectified if that information is inaccurate or incomplete;
- the right to object. You have the right to object to our processing of your Personal Data;
- the right of restriction. You have the right to request that we restrict the processing of your personal information;
- the right to data portability. You have the right to be provided with a copy of your Personal Data in a structured, machine-readable, and commonly used format;
- the right to withdraw consent. You also have the right to withdraw your consent at any time where we rely on your consent to process your personal information.
Please note that we may ask you to verify your identity before responding to such requests. Please note, we may not be able to provide Service without some necessary data.
You have the right to complain to a Data Protection Authority about our collection and use of your Personal Data. Please contact your local data protection authority in the European Economic Area (EEA) for more information.
11. Your Data Protection Rights under the California Privacy Protection Act (CalOPPA)
According to CalOPPA, we agree to the following:
- users can visit our site anonymously;
- users can change their personal information by emailing us at firstname.lastname@example.org.
Our Policy on “Do Not Track” Signals:
We honor Do Not Track signals and do not track, plant cookies, or use advertising when a Do Not Track browser mechanism is in place. Do Not Track is a preference you can set in your web browser to inform websites that you do not want to be tracked.
You can enable or disable Do Not Track by visiting your web browser’s Preferences or Settings page.
12. Your Data Protection Rights under the California Consumer Privacy Act (CCPA)
If you are a California resident, you are entitled to learn what data we collect about you, ask to delete your data, and not to sell (share) it. To exercise your data protection rights, you can make certain requests and ask us:
0.1. What personal information we have about you. If you make this request, we will return to you:
- The categories of personal information we have collected about you.
- The categories of sources from which we collect your personal information.
- The business or commercial purpose for collecting or selling your personal information.
- The categories of third parties with whom we share personal information.
- The specific pieces of personal information we have collected about you.
- A list of categories of personal information that we have sold, along with the category of any other company we sold it to. If we have not sold your data, we will inform you of that fact.
- A list of categories of personal information that we have disclosed for a business purpose, along with the category of any other company we shared it with.
Please note, you are entitled to ask us to provide you with this information up to two times in a rolling twelve-month period. When you make this request, the information provided may be limited to the personal information we collected about you in the previous 12 months.
0.2. To delete your personal information. If you make this request, we will delete the personal information we hold about you as of the date of your request from our records and direct any service providers to do the same. In some cases, deletion may be accomplished by de-identifying the information. If you choose to delete your personal information, you may not be able to use certain functions that require your personal information to operate.
0.3. To stop selling your personal information. We don’t sell or rent your personal information to any third parties for any purpose. We do not sell your data for monetary consideration. However, under some circumstances, a transfer of personal information to a third party, or within our family of companies, without monetary consideration may be considered a “sale” under California law. You are the only owner of your Personal Data and can request disclosure or deletion at any time.
If you submit a request to stop selling your personal information, we will stop making such transfers.
Please note, if you ask us to delete or stop selling your data, it may impact your experience with us. You may not be able to participate in certain programs or membership services that require the usage of your personal information to function. But in no circumstances will we discriminate against you for exercising your rights.
To exercise your California data protection rights described above, please send your request(s) by email: email@example.com.
Your data protection rights, described above, are covered by the CCPA, short for the California Consumer Privacy Act. To find out more, visit the official California Legislative Information website. The CCPA took effect on 01/01/2020.
13. Service Providers
We may employ third-party companies and individuals to facilitate our Service (“Service Providers”), provide Service on our behalf, perform Service-related services or assist us in analyzing how our Service is used.
These third parties have access to your Personal Data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.
14. Analytics
We may use third-party Service Providers to monitor and analyze the use of our Service.
15. CI/CD Tools
We may use third-party Service Providers to automate our service’s development process.
17. Payments
We may provide paid products and/or services within Service. In that case, we use third-party services for payment processing (e.g., payment processors).
18. Links to Other Sites
We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.
19. Children’s Privacy
Our Services are not intended for use by children under the age of 18 (“Child” or “Children”).
We do not knowingly collect personally identifiable information from children under 18. If you become aware that a child has provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from children without verifying parental consent, we remove that information from our servers.
Affiliate Program Agreement
Please read the terms specified below:
The affiliate agreement provided herein contains the terms of service between us (“timeTracko”) and you (“Affiliate”), which must be abided by while using the timeTracko affiliate program. These terms and conditions are legally binding with respect to your application to, and participation in, the timeTracko affiliate program. Please do not use the program if you do not agree with this agreement. By signing up for and participating in this affiliate program, you confirm that you have read all the terms and conditions of the timeTracko affiliate program and that you agree to comply with them.
Referred customers: New and unique customers who are referred via the affiliate link provided to the affiliate.
Dashboard: Contains all the affiliate data such as transactions, revenues and payments, providing an easy way to view the affiliate’s statistics.
Referral link/affiliate link/URL: Affiliate links are used by the advertiser to record the traffic sent to its website. They are specific URLs, provided in the dashboard, that contain the ID or username of a specific affiliate.
Commission threshold: The amount an affiliate must accrue before receiving payment from timeTracko.
Qualified sale: A purchase of any timeTracko plan by a customer referred by an affiliate.
Sub-IDs: Non-unique values used by the publisher to see which affiliate links, platforms or pages lead to conversions. Sub-ID values are stored whenever an affiliate link is clicked and are returned in the conversion report.
To participate in the affiliate program, you must certify to timeTracko that:
- You are an individual.
- You are 18 years of age or older.
- You are not using this program for any unauthorized or illegal purpose.
- You are not violating any rules or regulations set by timeTracko. If you are found to be doing so, this agreement is null and void.
To join the timeTracko affiliate program, you have to sign up as an affiliate. While registering, you must fill in the application form with all the required information; the detailed process is as provided by the software. If you wish to cancel your participation, you can delete your affiliate account.
Once the account is registered, you are solely responsible for all activity that occurs on that account.
2. Affiliate Approval/Denial
Once you complete the registration process, the details of the form will be assessed by our associate team. In addition to the details provided in the application form, the associate team will verify the advertising platform you provided. The request will be declared unqualified, or rejected, if the requirements regarding the advertising platform are not met.
- Incomplete/new website: We will not accept applications where the provided website does not point to the stated destination. Websites that are brand new, newly registered or contain misleading links will also not be accepted, because we prioritize websites that are in a good position to refer sales.
- Invalid website URL: The team assessing your application may require information on your statistics, previous projects, promotional plans and current campaigns so that it can properly qualify your website. You may supply this information in the description field of the application; however, it does not by itself establish the authenticity of your advertising platform. Therefore, provide the URL carefully so that we can review the full history of your website.
- Inconsistent content: We will check the information provided on your website, social networks and blogs and ensure that these are registered in your name. The application will be denied if the content on your platforms is inconsistent, unprofessional, or contains vulgarity or adult content. If you have previously promoted another product, we will check the method and content used to promote it.
- Poor traffic: Almost every network wants to enrol affiliates who run established websites. Like other networks, we will check your website’s traffic and evaluate its value. We will deny the application if your website’s traffic ranks low and does not meet our traffic standards.
- Limited organic followers on social networks: The timeTracko affiliate program also allows affiliates to use their social profiles to promote the product. However, the profile must be well established, and the channel must allow its users to post affiliate tracking URLs. While assessing the profile, we will take into account factors such as the creation date of the profile, engagement and, above all, the number of organic followers. We believe that a profile with many followers will help the product reach a large audience, which will help both of us grow.
Affiliate Dashboard and Affiliate URL
Once approved as a timeTracko affiliate, you will find a link in the navigation bar that takes you to your dashboard. Your dashboard serves as your admin page and provides information on your sales, commissions, revenue, etc.
In your dashboard, you will find a referral link/affiliate link/URL that you can use on your platforms. The platforms can be websites, blogs, social networks or emails that you intend to use for advertising; you may use only platforms that are registered in your name. The affiliate link provided is unique to you. Whenever a visitor opens the URL, a cookie is stored in the visitor’s browser for 60 days, and the referred company or customer must make a purchase within that time for the sale to be attributed to you. You can also assign Sub-IDs if you advertise on multiple platforms; this helps you and us identify which of your platforms generates the most traffic.
You will be receiving 30% commission on every successful signup made by your referred customers. The commission will only become payable once you reach the commission threshold (details provided in Payment->Threshold section below). The affiliate period of your referred customers, who make purchases through your unique affiliate link, lasts 9 months after their first payment.
timeTracko also offers two-tier affiliate commissions: if anyone becomes a timeTracko affiliate by signing up through your affiliate link, you will receive a 10% commission on their valid sales for 9 months.
You will not be eligible for a commission if:
- The signups are made by you or your household.
- You refer customers who are currently or previously using timeTracko.
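The attribution mechanism described above (a 60-day cookie set on click, Sub-IDs carried through to the conversion report, and no commission for self-referrals or existing customers) can be implemented with a signed cookie so that the affiliate ID, Sub-ID and expiry cannot be altered client-side. The following is an added example written for this page, not timeTracko's own code; the query-parameter names `ref` and `sid`, the cookie layout, the secret key and the affiliate/customer lookup tables are all assumptions.

```python
"""
Added example: HMAC-signed affiliate attribution cookie (not timeTracko's code).

Models the agreement's mechanism: a referral link carries an affiliate ID and an
optional Sub-ID; on click a cookie valid for 60 days is issued; a purchase inside
that window is attributed to the affiliate, except self-referrals and customers
who already use the product. Parameter names, cookie format, key handling and
the lookup tables are assumptions for illustration.
"""
import base64
import binascii
import hashlib
import hmac
import json
from urllib.parse import parse_qs, urlparse

ATTRIBUTION_WINDOW = 60 * 24 * 3600          # 60 days, as stated in the agreement
SECRET = b"example-secret-rotate-me"         # assumption: server-side key, never sent to the browser


def parse_referral_link(url):
    """Extract affiliate ID and Sub-ID from a referral URL (assumed params 'ref' and 'sid')."""
    query = parse_qs(urlparse(url).query)
    affiliate_id = query.get("ref", [None])[0]
    if not affiliate_id:
        return None                           # plain visit, nothing to attribute
    return {"affiliate_id": affiliate_id, "sub_id": query.get("sid", [None])[0]}


def _sign(payload: bytes) -> str:
    return hmac.new(SECRET, payload, hashlib.sha256).hexdigest()


def make_cookie(affiliate_id, sub_id, now):
    """Build '<base64 payload>.<hex HMAC>' with the expiry fixed at issue time."""
    payload = json.dumps(
        {"aff": affiliate_id, "sid": sub_id, "exp": int(now + ATTRIBUTION_WINDOW)},
        separators=(",", ":"),
    ).encode()
    return base64.urlsafe_b64encode(payload).decode() + "." + _sign(payload)


def read_cookie(cookie, now):
    """Return the payload dict if the signature is valid and the window has not elapsed, else None."""
    try:
        encoded, signature = cookie.rsplit(".", 1)
        payload = base64.urlsafe_b64decode(encoded.encode())
    except (ValueError, binascii.Error):
        return None                           # malformed cookie
    if not hmac.compare_digest(_sign(payload), signature):
        return None                           # tampered: affiliate ID, Sub-ID or expiry was changed
    data = json.loads(payload)
    if now > data["exp"]:
        return None                           # 60-day window elapsed: no attribution
    return data


def attribute_purchase(cookie, buyer_email, affiliates, existing_customers, now):
    """
    Decide which affiliate (if any) earns commission on a purchase.

    affiliates: assumed mapping affiliate_id -> the affiliate's registered email,
    used to reject self-referrals. existing_customers: assumed set of emails of
    current or previous customers, who are excluded by the agreement.
    """
    data = read_cookie(cookie, now)
    if data is None:
        return None
    buyer = buyer_email.strip().lower()
    if buyer == (affiliates.get(data["aff"]) or "").lower():
        return None                           # signups by the affiliate themselves earn nothing
    if buyer in existing_customers:
        return None                           # current or previous customers are not "new and unique"
    return {"affiliate_id": data["aff"], "sub_id": data["sid"]}
```

On click, the server calls `parse_referral_link`, then `make_cookie`, and sets the result as an HttpOnly cookie; at checkout it calls `attribute_purchase` with the cookie from the request. Because the expiry is inside the signed payload, a visitor cannot extend the 60-day window by editing the cookie, and the Sub-ID travels with it into the conversion report unchanged.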
Form of Payment:
For each successful sign up made by the customer through the affiliate link, we will pay your earnings from the affiliate program as per the agreed payment rates. Since we only support PayPal, you must have a PayPal account for this purpose.
Once we receive the submitted request by you, the payment is made in AUD within a week. Make sure you provide us with the correct details and payment methods so that the transactions can be made without any hindrance.
To be eligible to receive payments, you must have made 3 successful referrals who became premium clients and must have a minimum affiliate balance of $100.
Your affiliate commission will be paid once your referred customer completes the refund duration of 30 days. The payment is processed in the second week of the month.
For instance, if a sale is earned in Jan, it will be processed within the second week of March.
As mentioned earlier, your payment details must be provided precisely; otherwise, we will have to hold your earnings. In addition, the contact details you supply must be accurate, and you have to make sure that your payment request is successfully submitted. Affiliates are liable for all costs of converting the amount from Australian dollars into their preferred currency.
Affiliates are obliged to pay all sorts of taxes on the payments made by us, wherever levied. We will provide you with all the legal documentation regarding the deduction or withholding.
After you are approved as a timeTracko affiliate and start making sales, we will review all of your sites to check the promotion methods you use.
We will check:
- That no misleading content or illegal method is used to promote the product.
- That the site where the affiliate URL is inserted is not linked with content that is deemed offensive.
- Whether the timeTracko brand is used in your keywords or meta description when promoting timeTracko through Google Ads.
- Whether the provided timeTracko logo has been edited or tampered with.
Security and Compliance
timeTracko Protects Your Data
We work towards improving our security every single day at timeTracko. To do so properly, we follow the best security practices. These include:
- Encrypted data transfer (HTTPS)
- Email verification
- A strong password management policy
- Internal system logging
- Network and overall infrastructure security
- Physical security
- Two-factor authentication (2FA)
External Audits and Security
At timeTracko, we do our best to provide the best security to our customers. Because of that, we integrate and work with external companies that help us to carry out regular penetration testing, patching, and security audits to identify any possible issues and resolve them within a short period of time.
timeTracko works with an external penetration testing partner, NetSparker, for regular weekly/monthly security scans and penetration testing, which guarantees the highest possible level of security.
Backups and Reliability
Our backups are done on a daily basis, which guarantees consistency and a quick reaction from our side in case data restoration is needed.
In case of a data breach, we have a procedure in place that dictates how and when to make a responsible disclosure to the affected parties, with the first communication occurring within 72 hours of our becoming aware of the incident.
Software Development Security
timeTracko uses a Git version control system. Changes to timeTracko’s code base go through a suite of automated tests before being reviewed and then sent through a round of manual testing. Once code changes pass the automated tests, they are first pushed to a staging environment where timeTracko employees test them before they are pushed to our production servers. Changes that are critical, for security or other reasons, are fast-tracked to production while still being tested thoroughly.
Confidentiality & Employee Access
We strictly regulate our employees’ access to the data you and your users store with timeTracko. Access is limited to the few employees who need it for troubleshooting or support.
No timeTracko employee ever accesses customer accounts unless required for troubleshooting or support. When working on a support issue, we do our best to respect your privacy as much as possible and only access the files and settings needed to resolve your issue.
Screenshots are an optional timeTracko feature. If activated, the screenshots feature will take and store screenshots of your employees’ monitors at the time interval that you specify.
If you use the screenshots feature, you can rest assured that the screenshots and all other data are stored securely. All communication with the server is protected by TLS (HTTPS). Files on the server are encrypted at rest to provide an extra level of security for company data. The servers are located in secure enterprise data center facilities with 24/7 monitoring and hosting support.
Billing Information Protection
When you sign up for a paid account on timeTracko, we do not store any of your credit card information.
All credit card transactions are processed by Stripe using the same level of encryption used by leading banks. Card information is transmitted, stored, and processed securely on a PCI DSS-compliant network.
GDPR: what it is, what we are doing, and what you can do
The GDPR became enforceable on May 25, 2018, and increased oversight for global privacy rights and compliance. We, at timeTracko, have embraced GDPR requirements and this guide is intended to help our customers understand timeTracko’s GDPR posture. It is not intended as a thorough treatise on GDPR application and should be read with this in mind.
What is the GDPR?
The General Data Protection Regulation (the “GDPR”) is a European data protection and privacy law adopted April 14, 2016, which became officially enforceable beginning on May 25, 2018. The two (2) year delay between adoption and enforcement was intended to give organizations time to prepare before enforcement.
The GDPR is an ambitious attempt to strengthen, harmonize, and modernize EU data protection law and enhance individual rights and freedoms, consistent with the European understanding of privacy as a fundamental human right. The GDPR regulates, among other things, how individuals and organizations may obtain, use, store, and erase personal data. It replaced a prior European Union privacy directive known as Directive 95/46/EC (the “Directive”), which had been the basis of European data protection law from 1995 to early 2018. Unlike its predecessor, the GDPR applies immediately throughout the European Union (“EU”) across all member states without the need for further member state legislative action.
Since mid-May 2018, the GDPR has been in force and there is no further “grace period.” It is important that organizations impacted by the GDPR are now compliant with its provisions.
How does the GDPR work?
There are many principles and requirements introduced by the GDPR, so it is important to review the GDPR in its entirety to ensure a full understanding of its requirements and how they may apply to your organization. While the GDPR preserves many principles established by the Directive, it introduces several important and ambitious changes. Here are a few that we believe are particularly relevant to timeTracko and our customers:
1. Expansion of scope
The GDPR applies to all organizations established in the EU, and to organizations outside the EU that process the personal data of Data Subjects in the EU, thus introducing the concept of extraterritoriality and broadening the scope of EU data protection law well beyond the borders of the EU.
2. Expansion of definitions of personal data and special categories of data.
3. Expansion of individual rights
Data Subjects have several important rights under the GDPR, including the right to be forgotten, the right to object, the right to rectification, the right of access, and the right of portability. Your organization must ensure that it can accommodate these rights if it is processing the personal data of Data Subjects.
Right to be forgotten: An individual may request that an organization delete all data on that individual without undue delay.
Right to object: An individual may prohibit certain data uses.
Right to rectification: Individuals may request that incomplete data be completed or that incorrect data be corrected.
Right of access: Individuals have the right to know what data about them is being processed and how.
Right of portability: Individuals may request that personal data held by one organization be transported to another.
4. Stricter consent requirements
Consent is one of the fundamental legal bases of the GDPR, and organizations must ensure that consent is obtained in accordance with the GDPR’s requirements. Your organization will need to obtain consent from its subscribers and contacts for every usage of their personal data unless it can rely on a separate legal basis. The route to compliance is to obtain explicit consent. Keep in mind that:
- Consent must be specific to distinct purposes.
- Silence, pre-populated boxes, or inactivity do not constitute consent; data subjects must explicitly opt-in to the storage, use, and management of their personal data.
- Separate consent must be obtained for different processing activities, which means your organization must be clear about how the data will be used when consent is obtained.
5. Strict processing requirements:
Individuals have the right to receive “fair and transparent” information about the processing of their Personal Data, including:
- Contact details for the data controller.
- Purpose of the data: This should be as specific (“purpose limitation”) and minimized (“data minimization”) as possible. Your organization should carefully consider what data it is collecting and why, and be able to validate that to a regulator.
- Retention period: This should be as short as possible (“storage limitation”).
- Legal basis: An organization cannot process personal data just because it wants to. It must have a “legal basis” for doing so, such as where the processing is necessary to the performance of a contract, an individual has consented (see consent requirements above), or the processing is in the organization’s “legitimate interest.”
Whom does it affect?
As mentioned above, the territorial scope of the GDPR is very broad. The two most common conditions for its territorial application are that the GDPR applies (1) to the processing of personal data in the context of the activities of an establishment of a controller or a processor in the Union, regardless of whether the processing takes place in the Union or not; and (2) to the processing of personal data of data subjects who are in the Union by a controller or processor not established in the Union, where the processing relates to (a) the offering of goods or services, irrespective of whether a payment by the data subject is required, to such data subjects in the Union, or (b) the monitoring of their behavior as far as their behavior takes place within the Union. The latter is the GDPR’s principle of “extraterritoriality”: the GDPR applies to an organization processing the personal data of data subjects in the Union regardless of where it is established and regardless of where its processing activities take place. This means the GDPR could apply to an organization anywhere in the world, and all organizations should analyze whether they are processing the personal data of data subjects in the EU. The GDPR also applies across all industries and sectors.
Here are a few definitions that will aid in understanding the GDPR’s broad scope.
What is a “data subject”?
The GDPR defines a Data Subject within its definition of “Personal Data,” discussed below. A Data Subject is an identifiable natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
A Data Subject is not limited to EU Citizenship. The impact of this is apparent in the territorial application of the GDPR described above. An organization processing personal data in the context of an establishment in the EU means personal data processing of any identifiable natural person regardless of the natural person’s physical location – provided the processing is in the context of the establishment. An organization not established in the EU, but offering goods or services to a Data Subject located within the EU also comes under the GDPR. Note that in this instance, in addition to its application to a natural person, it also requires that the natural person be physically present in the EU.
What is considered “personal data”?
The GDPR defines Personal Data as any information relating to an identified or identifiable natural person; that is, information that could be used, on its own or in conjunction with other data, to identify a Data Subject. Consider the extremely broad reach of this definition. Personal Data includes not only data that is commonly considered personal in nature (e.g., social security numbers, names, physical addresses, email addresses), but also data such as IP addresses, behavioral data, location data, biometric data, financial information, and much more. This means that, for timeTracko users, information that an organization collects about its subscribers and contacts will be considered Personal Data under the GDPR. It is also important to note that even Personal Data that has been “pseudonymized” is still Personal Data if the pseudonym can be linked to a particular individual, so due care should be taken when evaluating its application. Classification of data as Personal Data under the GDPR requires organizations to comply with certain duties and obligations relating to what can broadly be termed transparency in the use of that Personal Data, and this includes its security.
Special Categories of data, such as health information or information that reveals a person’s racial or ethnic origin, will require even greater protection under the GDPR. An organization should not store data of this nature within its timeTracko account.
What does it mean to “process” data?
Processing under the GDPR is “any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.” Basically, if your organization is collecting, managing, using or storing any personal data of Data Subjects, it is processing EU personal data within the meaning prescribed by the GDPR. This means, for example, that if any of its timeTracko lists contain the email address, name, or other personal data of any Data Subject, then your organization is processing EU personal data under the GDPR. Application of the GDPR, of course, is contingent on meeting the threshold territorial requirements explained above.
Keep in mind that even if your organization does not believe its business will be affected by the GDPR, the GDPR and its underlying principles may still be important to it. European law tends to set the trend for international privacy regulation, and increased privacy awareness now may give it a competitive advantage later.
Who processes Personal Data under the GDPR?
If an organization ‘processes’ personal data, it does so as either a Controller or a Processor, and there are different requirements and obligations for each. A Controller is the organization that determines the purposes and means of processing personal data. A Controller also determines the specific personal data that is collected from a data subject for processing. A Processor is the organization that processes the data on behalf of the controller. Think of the Processor as a service provider or vendor in the relationship.
The GDPR has not changed the fundamental definitions of Controller and Processor found in the Directive, but it has expanded the responsibilities of each party. Controllers will retain primary responsibility for data protection (including, for example, the obligation to report data breaches to data protection authorities); however, the GDPR does place some direct responsibilities on the Processor, as well. It is important to understand whether your organization is acting as a Controller or a Processor, and to familiarize yourself with your responsibilities accordingly.
In the context of the timeTracko application and our related services, in the majority of circumstances, our customers are acting as the Controller. Our customers, for example, decide what information from their contacts or subscribers is uploaded or transferred into their timeTracko account. How timeTracko processes Personal Data is addressed below.
How does timeTracko comply with the GDPR?
timeTracko takes GDPR compliance very seriously and started GDPR preparation well before its effective date. As part of this process, we reviewed (and updated where necessary) all of our internal processes, procedures, systems, and documentation to ensure that we were ready when the GDPR went into effect. Compliance is not a static accomplishment, mandating monitoring vigilance in the face of changed circumstances and legal requirements.
One recent change involves the Court of Justice of the European Union (“CJEU”) ruling referred to as the Schrems II decision. This decision concerns the transfer of Personal Data from EU member states to third countries, such as the United States. The GDPR, like the Directive, does not require that Personal Data of data subjects in the EU be stored only in EU member states. Rather, the GDPR requires that certain conditions be met before Personal Data is transferred outside the EU, and identifies a number of legal grounds that organizations can rely on to perform such transfers. One legal ground for transferring Personal Data set out in the GDPR is an “adequacy decision”: a decision by the European Commission that an adequate level of protection exists for Personal Data in the country, territory, or organization to which it is being transferred. The Schrems II decision invalidated the adequacy decision for transatlantic data transfers to the United States known as the EU-U.S. Privacy Shield. The decision also affected the use of “standard contractual clauses” (SCCs) between the controller or processor and the controller, processor or recipient of the personal data in the third country or international organization. SCCs are a commonly relied upon legal ground under the heading of “appropriate safeguards,” whereby a transfer of personal data may only occur if appropriate safeguards are in place and enforceable data subject rights and effective legal remedies are available. While the CJEU upheld the validity of this safeguard, it established certain conditions for its use.
timeTracko is committed to complying with the results of the Schrems II decision, and any other legal mandates in the future and is monitoring developments – in particular with respect to European Data Protection Board guidance publications and Supervisory Authority opinions.
As is our policy, we stand ready to address any requests made by our customers related to their expanded individual rights under the GDPR. Generally speaking, these include:
Right to be forgotten: You may terminate your timeTracko account at any time.
Right to object: You may opt out of inclusion of your data in any data science projects.
Right to rectification: You may access and update your timeTracko account settings at any time to correct or complete your account information. You may also contact timeTracko at any time to access, correct, amend or delete information that we hold about you.
Right of portability: You may request that we export your account data to a third party at any time.
How does timeTracko process Personal Data?
timeTracko, like many other businesses, currently uses third-party Sub-processors to provide various business functions such as business analytics, cloud infrastructure, email notifications, payments, and customer support. Before engaging any third-party Sub-processor, timeTracko performs due diligence to evaluate its security posture and executes an agreement requiring each Sub-processor to maintain minimum acceptable security practices. We list our Sub-processors on a separate page. We will keep that page up to date; please check back regularly for changes.
Do you need to comply with the GDPR?
As detailed above, the GDPR has broad extra-territorial reach and due consideration should be given to its application in your organization’s business. We cannot stress enough that you should consult with legal and other professional counsel regarding the full scope of your organizations’ compliance obligations under the GDPR.
What happens if you do not comply?
Non-compliance with the GDPR can result in enormous financial penalties. Sanctions for non-compliance can be as high as 20 Million Euros or 4% of global annual turnover, whichever is higher.
Where should I start?
We’ve included the table below to help our customers think about GDPR and their responsibilities AND how timeTracko factors into the equation. This list is neither exclusive nor exhaustive.
The purpose of this policy is to establish requirements for the proper handling of protected health information (PHI) through the adoption of an information privacy and security management process for timeTracko. Such a process is required as a means of managing the privacy and security of PHI under the HIPAA Privacy Rule, the HIPAA Security Rule §164.308(a)(1), to comply with any other applicable information security regulations, and to protect the overall security of the organization.
The process includes the analysis and management of risks, the implementation of secure systems and applications, the use of security incident procedures to learn from prior issues, information system usage audits and activity reviews, regular security evaluations and regulation compliance assessments, training for all staff using electronic information systems, and documentation of compliance activities.
This policy defines the technical controls and security configurations that users and information technology (IT) administrators are required to implement in order to ensure the integrity and availability of the data environment at timeTracko. It serves as a central policy document with which all employees and contractors must be familiar and defines actions and prohibitions that all users must follow. The policy provides IT managers within timeTracko with policies and guidelines concerning the acceptable use of timeTracko technology equipment, email, internet connections, voicemail, future technology resources, and information processing.
This policy document defines common security requirements for all timeTracko personnel and systems that create, maintain, store, access, process, or transmit information. This policy also applies to information resources owned by others, such as contractors of timeTracko, entities in the private sector, and cases where timeTracko has a legal, contractual, or fiduciary duty to protect said resources while in timeTracko custody. In the event of a conflict, the more restrictive measures apply. This policy covers the timeTracko network system which consists of various hardware, software, communication equipment, and other devices designed to assist timeTracko in the creation, receipt, storage, processing, and transmission of information. This definition includes equipment connected to any timeTracko domain or VLAN, either hardwired or wirelessly, and includes all stand-alone equipment that is deployed by timeTracko at its office locations or at remote locales.
The policy requirements and restrictions defined in this document shall apply to network infrastructures, databases, external media, encryption, hardcopy reports, slides, models, wireless, telecommunication, conversations, servers, and any other methods used to convey knowledge and ideas across all hardware, software, and data transmission mechanisms. This policy must be adhered to by all timeTracko employees or temporary workers at all locations and by contractors working with timeTracko as subcontractors.
Each of the policies defined in this document is applicable to the task being performed – not just to specific departments or job titles.
timeTracko shall establish procedures to create and maintain an information security management process to ensure the confidentiality, integrity, and availability of protected health information (PHI), other personal and private information as required by law or regulations, and essential business information. The policy and procedures include the following sections:
- Assigned Privacy and Security Responsibility
- HIPAA Privacy Rule Compliance
- Risk Assessment, Risk Analysis, and Risk Management
- Information Security and Compliance Evaluation
- Implementation of Secure Systems and Applications
- Information System Usage Audits and Activity Reviews
- Backup and Disaster Recovery
- Information Security Incidents
- Sanctions for Policy Violations
Assigned Privacy and Security Responsibility
§164.530(a) of the HIPAA Privacy Rule and §164.308(a)(2) of the HIPAA Security Rule each require the designation of a single individual with the responsibility for the development and implementation of the policies and procedures required for compliance. timeTracko will assign the security officer responsibility for all matters relating to the safeguarding of the privacy and security of personal or private information to the chief technology officer (CTO). The security officer may delegate activities to the information security team (IST). This individual or team (as appropriate) will be responsible for ensuring that all personal or private information is protected against reasonably anticipated threats or hazards to the security and integrity of the information and against reasonably anticipated improper uses.
The HIPAA security officer will be the initial point of contact in any security compliance inquiry.
The HIPAA security officer will have oversight for:
- Ensuring that all policies and procedures required under applicable standards and regulations are established and maintained over time.
- Monitoring the appropriate and consistent implementation of policies and procedures.
- Ensuring that all members of the workforce, contractors, and business associates are aware of and abide by the policies and procedures.
- Monitoring and analyzing security alerts and information and ensuring proper follow-up action.
- The investigation of information security incidents and/or breaches.
- The administration of user accounts, including additions, deletions, and modifications, and monitoring and controlling all access to data.
- Ensuring that any security weaknesses discovered in the course of security incidents or security evaluations will be prioritized for correction and corrected.
- Ensuring that the analyses and documentation required by applicable standards and regulations, and/or timeTracko’s security policies and procedures, are carried out fully and completely.
The HIPAA privacy officer will be responsible for receiving any complaints about HIPAA compliance and will be the initial point of contact in any privacy compliance inquiry.
HIPAA Privacy Rule Compliance
timeTracko and its staff shall treat all PHI as confidential information and only access the minimum necessary to perform their job functions. PHI shall not be used or disclosed in any way other than as indicated in the business associate agreements as agreed to by timeTracko.
In the event that timeTracko does retain and manage data that is considered to be part of a patient’s designated record set in a medical record, timeTracko will develop policies and procedures to satisfy the individual rights defined in the HIPAA Privacy Rule § 164.520-528 as necessary and appropriate.
In the event of any improper disclosures in violation of the HIPAA Privacy Rule, steps will be taken to limit and mitigate any harmful effects of such disclosures per §164.530(f). The policy on training and documentation for compliance with the HIPAA Privacy Rule is integrated with that for compliance with the HIPAA Security Rule and the HIPAA Breach Notification Rule.
Risk Assessment, Risk Analysis, and Risk Management
timeTracko shall regularly, at least annually, evaluate its information security-related policies and procedures to ensure that they meet the requirements of the HIPAA Security Rule and HIPAA Breach Notification Rule (§164.300 et seq. and §164.400 et seq.). A compliance evaluation shall also be required whenever there is a change in environmental or operational conditions that may affect the security of PHI.
Risks shall be mitigated and managed by timeTracko to the best of its abilities, within reasonable and appropriate constraints of cost, staff ability, and hardware and software capabilities, according to a regularly developed and updated risk management plan based on the risk analysis.
The risk analysis and assessment shall be reviewed and updated whenever there are material changes in systems or operations controlled by timeTracko or significant changes in the security environment in which timeTracko operates, and no less frequently than once every year.
Information Security and Compliance Evaluation
timeTracko shall develop procedures to establish regular, periodic evaluations of the information security-related technical measures, policies, and procedures in place at the organization to ensure that they continue to meet the requirements of HIPAA Security Rule §164.308(a)(8). The period of review shall be at least annual and determined according to the organization’s information systems risk analysis and its consideration of best practices. Evaluations shall be documented for regulatory compliance and to provide direction to the organization in the execution of its security management process and plans.
Implementation of Secure Systems and Applications
It is the policy of timeTracko to implement and maintain systems and applications using secure best practices, whether developed in-house or procured from an external vendor. Procedures shall be developed to address:
- Documentation requirements
- Default passwords and parameters
- Password suppression and account lockout
- Automatic logoff
- Wireless access
- Configuration standards
- Administrative access
- Patch management
- Vulnerability management
- Software development practices
- Change control
- Platform security
- Web-based software and applications
- Application security
- Application backup and restoration
- Security configurations for desktop and laptop computers.
timeTracko shall have procedures to track changes to networks, systems, and workstations including software releases and software vulnerability patching in information systems that contain electronic protected health information (ePHI). Change tracking allows the information technology (IT) department to efficiently troubleshoot issues that arise due to an update, new implementation, reconfiguration, or other changes to the system.
Information System Usage Audits and Activity Reviews
timeTracko implements hardware, software, and/or procedural mechanisms that record and examine activity in information systems that contain electronic protected health information (ePHI). Audit controls are technical mechanisms that track and record computer activities. An audit trail determines if a security violation occurred by providing a chronological series of logged computer events that relate to an operating system, an application, or user activities.
timeTracko shall establish a process for conducting, on a periodic basis, at least annually, an operational review of system activity including, but not limited to, user accounts, system access, file access, security incidents, audit logs, and access reports. timeTracko shall conduct an internal review of records of system activity on a regular basis to minimize security violations.
Backup and Disaster Recovery
It is the policy of timeTracko to prepare for contingencies and ensure an appropriate response to emergencies or other occurrences that may damage systems that contain electronic confidential information, such as protected health information (PHI), and maintain usable copies of electronically held confidential information for use in such responses, if appropriate, as required by HIPAA Security Rule §164.308(a)(7) and by other applicable state or federal regulations. Information not required to be maintained shall be disposed of according to the defined procedures.
Contingency plans must take into account the criticality of applications/systems and data and the effects of short-term interruptions (such as brief power or system failures) and long-term disruptions (such as a loss of facilities or an epidemic).
Procedures shall be established that are sufficient to restore lost or damaged data with a useful duplicate, including the definition of which file systems to back up, the frequency of backups and media rotation, off-site storage requirements, the documentation and labeling of storage media, and the regular testing of backed-up data to ensure adequacy.
Backup and restoration procedures for electronic media and information systems containing critical data must be tested according to the frequency and practices as established in the individual system backup plans.
timeTracko management shall maintain a detailed disaster recovery policy (DRP). This plan addresses the hardware and software configurations and detailed recovery procedures. Plans and procedures shall be sufficient to ensure the restoration of lost data and system access, including a full range of information and activities needed to assure that the plan and its implementation will be effective.
Information Security Incidents
timeTracko shall have in place an information security incident response policy, including procedures for the reporting, processing, and response to suspected or known information security incidents in order to investigate, mitigate, and document such incidents so that security violations may be reported and handled promptly, using an orderly process known to all workforce members, according to the HIPAA Breach Notification Rule and the HIPAA Security Rule §164.308(a)(6).
timeTracko shall establish an information privacy and security awareness and training program for the purpose of ensuring that all workforce members, including management, are aware of the organization’s security policies and procedures and general principles of information security, as required by the HIPAA Privacy Rule and the HIPAA Security Rule §164.308(a)(5). Training must be provided to new staff before access to PHI is permitted and must be provided to all staff at least annually. Procedures shall include a definition of when training is to occur, for whom, and what training content, documentation, and acknowledgment will be provided.
Sanctions for Policy Violations
As appropriate, any member of the workforce who does not comply with the security policies and procedures of timeTracko or who otherwise misuses or misappropriates personal or private information will be subject to disciplinary action according to the organization’s disciplinary procedures. Workforce members in violation of security policies and procedures may be subject to:
- A verbal warning
- A notice of disciplinary action placed in personnel files
- The removal of system privileges
- Termination of employment and/or contract penalties
- Civil or criminal penalties, which may include notifying law enforcement officials and regulatory, accreditation, and licensure organizations
- Other sanctions as identified in the organization’s disciplinary procedures.
timeTracko shall document any policies and procedures implemented under the requirements of the HIPAA Privacy Rule, the HIPAA Security Rule, the HIPAA Breach Notification Rule, and other applicable information security regulations. timeTracko shall also document any actions, activities, and assessments required to be performed under applicable HIPAA regulations under the requirements of the policies enacted in support of such regulations.