GDPR and Timecounts.
The General Data Protection Regulation (GDPR) is the European Union’s data protection law. It strengthens privacy protections for individuals and outlines clear responsibilities for organizations that handle personal data. Timecounts is committed to supporting GDPR compliance for both organizations and volunteers.
What Does GDPR Mean for Me?
For Organizations: GDPR means greater transparency on how personal data is processed. You’ll have clearer insight into data handling and user rights.
For Users/Volunteers: GDPR ensures your personal data is more secure, and you now have more control over how your data is used.
Your Rights Under GDPR
GDPR gives individuals several important rights regarding their personal data. These rights include:
Right of Access
Request a copy of the personal data an organization holds about you.
Right to Rectification
Correct inaccurate or incomplete information.
Right to Erasure (Right to be Forgotten)
Request deletion of your personal data under certain conditions.
Right to Data Portability
Receive your data in a commonly used, machine-readable format.
Right to Object
Object to certain types of processing.
These rights apply to all EU data subjects and, in most cases, Timecounts will support them for users worldwide.
How Volunteers Can Exercise Their Rights
Timecounts processes volunteer data on behalf of the organization you participate with. This means the organization (the Controller) is responsible for managing your data and responding to GDPR requests.
To access, correct, or delete your data
Contact the organization you volunteer with directly.
They manage your volunteer profile and personal information in Timecounts.To delete your Timecounts user account (not just a volunteer profile), email us at [email protected] from the email address associated with your account.
We will verify your identity and process the request.If you need support with a data request, Timecounts can help coordinate.
Contact us at [email protected].
If Timecounts receives a request that should be handled by an organization, we will forward it to the appropriate Controller without undue delay, as required by our DPA.
How Organizations Can Manage GDPR Rights
Organizations using Timecounts can:
Access and export volunteer data
Correct or update volunteer profiles
Delete profiles or specific data fields
Respond to requests from volunteers in accordance with GDPR
For support with a formal data-subject request, email [email protected] and our team will assist you in fulfilling the request.
What Counts as Personal Data?
Personal data is any information that can identify an individual, directly or indirectly. This may include:
Name, email, phone number, or address
Form responses
Availability, activity logs, and communication history
Data collected by your organization through custom fields
IP address and device information associated with account use
How Timecounts Protects Personal Data
Timecounts maintains technical and organizational measures to safeguard personal data, including:
Encryption in transit and at rest
Access controls and authentication
Monitoring and logging
Vendor and subprocessor due diligence
Backups and disaster recovery
A detailed list of our security practices appears in our Data Processing Agreement (DPA)
Data Processing Agreement (DPA)
Our DPA outlines:
How Timecounts processes data on behalf of organizations
Our security measures
Our international data transfer mechanisms
Our subprocessor obligations and 30-day notification policy
How we support GDPR, UK GDPR, CCPA/CPRA, and PIPEDA
You can view the full DPA here:
https://timecounts.org/dpa
And our current subprocessor list here:
https://timecounts.org/subprocessors
Need Help?
For questions about GDPR or privacy at Timecounts, contact us at:
[email protected]
We’re here to help.