Privacy Policy

1. Personal data

Your personal data includes any information that may lead, either directly or in combination with others, to your unique tracking or identification as a natural person. This category includes information such as name, VAT number, social security number, your postal and e-mail addresses, your landline and mobile phone numbers, your bank /debit/ prepaid card numbers, your e-mail addresses, your rating data, internet search history (log files, cookies, etc.), and any other information allows your unique identification according to the provisions of the General Data Protection Regulation (GDPR 2016/679) and the current Greek legislation (Law 4624/2019) and the decisions of the Data Protection Authority.

2. About us

TimeOff offers the digital management of business or organization personnel, covering all the basic needs related to the management of the business or organization personnel and their complete digitization in the cloud.The name, address and contact details of the company that manages the time-off.io website are the following:«SOFTAWARE PRIVATE CAPITAL COMPANY»Registered office: Chandakos 52, 71202, Heraklion, GreeceTel.: +30 210-2209538,e-mail: info@time-off.io,The present Privacy Policy is intended to inform you of the terms of collection, processing and transmission of your personal data that we may collect as Data controllers.

3. Collection of personal data

TimeOff will always ask you for the minimum required personal data to receive our services. These include, as the case may be, name, surname, e-mail address, postal address of issue or dispatch of invoice and billing method, which may include credit card or bank account details in case of transfer. The receipt of your personal data is almost always made for the execution of a contract between us in your capacity as a user of our services and/or as our supplier and/or as a visitor of our website. TimeOff retains your personal data only for as long as required by the contractual terms of each service, in combination with the current financial, tax and other legislation, based on the intended processing and then anonymizes or destroys it.

4. Lawfulness of processing

TimeOff will use your information for at least one of the following legitimate processing purposes:• For the conclusion and execution of a contract between us and the satisfaction of our contractual obligations.• Because it is necessary to comply with a legal obligation such as fulfilling our tax and accounting obligations.• To serve our legitimate business interests, as well as the legitimate interests of third parties. The legitimate interest is when we have a business or commercial reason to use your data. But even then, this use is in line with your fundamental rights, for example:• To provide you with effective service and support.◦ To respond to your requests and to record any complaints you may have.◦ To improve the safety of our website.◦ To do business with you.◦ To inform you about our new services.• Because you gave us your consent. If we have obtained your valid consent, which you have freely provided, then the lawfulness of processing is based on that consent.We may process your personal data to inform you about our services and offers that may interest you or your business. The personal data we process for this purpose consists of information you provide to us and data we collect when you use our services. We may use your personal data to promote our products and services to you, only if we have your consent to do so or if we believe we have a legitimate interest in doing so. You have the right to object at any time to the processing of your personal data for marketing purposes.

5. Transmission to third parties

When fulfilling our contractual and legal obligations, your personal data may be transmitted to various service providers and suppliers. These service providers and suppliers are bound by data processing agreements and are obliged to ensure confidentiality and protection of data in accordance with the GDPR and these persons may be:• External legal advisers• Financial and business consultants• IT and telecommunications companies• External auditors and accountantsIn any case, we take the appropriate technical and organizational measures to ensure that your personal data is transmitted, stored and processed in accordance with the appropriate safety standards and in accordance with the terms of this Policy and the applicable data protection laws.

6. Transmission to third countries

TimeOff does not transmit your personal data to third countries (outside the European Economic Area-EEA).

7. Data storage

We will process and store your Personal Data throughout our business relationship and for as long as it is necessary to fulfill our contractual and legal obligations. We will delete your data:i. Upon your request or objection to the processing, on condition that there is no legitimate reason requiring us to retain this data.ii. When your data is not necessary for the purposes of our compliance with legal obligations.iii. If the collection and processing of data was based on your consent, after withdrawal of your consent.iv. When your data is no longer necessary for the purposes for which this information was collected and processed.

8. Automated decision-making and profiling

When conducting our business, we do not use an automated decision-making process. We can process certain aspects of your data in order to start a business relationship with you.

9. Personal data of minors

For the performance of our activities, we do not collect or process personal data of minors nor do we provide services to persons under 18 years old.

10. Your rights

You have the following rights regarding the personal data we hold about you:• Access your personal data. This allows you for example to receive a copy of the personal data we hold about you and verify that we lawfully process it. To receive a relevant copy, you can contact the company, via e-mail at "privacy@time-off.io", or through its website (Contact).• Request the correction of the personal data we hold about you. This allows you to correct any incomplete or inaccurate data we hold about you.• Request the deletion of your personal data ("right to be forgotten"). This allows you to ask us to delete your personal data when there is no legitimate reason for us to keep processing it.• To oppose to the processing of your personal data ("right of objection") when we rely on a legitimate interest but there is something special about you that makes you want to oppose to the processing for this reason.• You also have the right to object in cases where we process your personal data for the purpose of direct marketing. This also includes profiling, as far as direct marketing is concerned. If you object to the processing for direct marketing purposes, then we will stop processing your personal data for those purposes.• Request a restriction on the processing of your personal data. This allows you to ask us to restrict the processing of your personal data, i.e to use it only in certain cases.• Request a copy of your personal data in a structured, commonly used and machine-readable format to transmit this data to other organizations. You also have the right to request that your personal data be transmitted directly from us to other organizations you name ("data portability right").• Withdraw the consent you have given us regarding the processing of your personal data at any time. We remind you, however, that any withdrawal of your consent does not affect the lawfulness of the consent-based processing before it is withdrawn or revoked by you.• Right of Complaint. Before filing your complaint, you must contact us, exercising your rights provided by the GDPR indicated above. If we do not satisfy your requests or you consider that our response was not satisfactory, you have the right to file a complaint to the Data Protection Authority (www.dpa.gr).To exercise any of your rights, you can contact the Company via e-mail at "privacy@time-off.io", or fill-in the relevant contact form through the website.

11. Personal data safety

We recognize the importance of protecting your privacy and all your personal data. To this end, we dispose of appropriate safety policies and use the appropriate technical and operational tools, such as anonymization, pseudonymization, data encryption, use of firewalls and establishment of access levels. To enhance the safety of the platform, the following steps are also taken:• Use of the SSL certificate and mandatory communication through the https protocol, for all communications of the TimeOff platform.• Encryption of all user passwords for all user roles in the database, with a one-way encryption algorithm (hash)• Use of cookies with a host-only setting, which do not allow them to be read by software operating on third party websites.

12. Cookies policy

Our website uses “cookies”. These are online tools for collecting and analyzing information that are necessary for the operation of the website, see our cookies policy.

13. Validity of personal data protection policy

The present Policy was published by TimeOff on 01.08.2021 and is subject to periodic improvement and revision.Any changes to this Policy will apply to the data collected from the date on which the revised version is published, as well as to the information we currently hold. The use of the website upon publication of the changes implies your acceptance of these changes.