Personal Data Protection
and Privacy Policy
Armatura and its affiliates (hereinafter also referred to as Armatura as
the “responsible” or “we” or “us”) as the operator of the APP (hereinafter also
referred to as “our APP”) is pleased about your interest in our APP. This Policy only applies to TimeRalo products or services of TimeRalo, including TimeRalo(Collectively
referred to as “the Service”).
Last update: Aug 2025
If you have any question, comment or suggestion, please contact us via the following means:
Email: TRmessage@timeralo.com
Biometric Privacy Notice:
This software application allows customers
to store and manage biometric data associated with registered individuals
interacting with the software and connected biometric devices.
Note that a person’s biometric data is
considered as personal identification information. As such, a person’s
biometric data is protected under the governing laws of the country and
state/province wherever the person’s biometric data is recorded. Prior to
customers operating the software, customers should first ensure they have the
legal right to record their users’ biometric data. Customers intending to store
& match their users’ biometric data should first inform their users of the
customer’s intention and gain their users’ permission prior to enrolling their
users’ biometric data in the software.
- I. Definitions
- II. Principles for the processing of
personal data
- III. Downloading the APP
- IV. Technically
required data processing for the use of the Services.
- V. Customer account for the use of the
monitoring services
- VI. Cookies and
similar technologiesX
- VII. Services
Improvement
- VIII. Data processing by third parties
and transfer of data to third countries
- IX. The security and storage of your
information
- X. Your rights as a data
subject
- XI. How we share, transfer and disclose your Personal
Data
- XII. How we handle Personal Data of minors
- XIII. How
this Policy is updated
- XIV. How to contact us
We understands the importance of personal data and will do everything possible to protect your Personal Data. We are committed to preserving your trust in us by protecting your Personal Data based on the following principles: accountability, purpose limitation, lawfulness, data minimisation, security safeguard, subject involvement and participation, openness and transparency, etc. Armatura also commits to protect your Personal Data by implementing appropriate security measures in accordance with industry accepted security standards.
Before using any products (or services), please read this Policy carefully and make sure you have fully read, understood and agreed to this Policy.
1. TimeRalo Services refers to services developed and operated by the TimeRalo platform to 【improve the management of TimeRalo modules, including attendance management and system management】.
【These services can be deployed in the cloud, including websites, products, and mobile devices (apps).】
2. TimeRalo Service Provider refers to us, the company that developed and provides TimeRalo services.
3.Personal Data (Or Personal information under some certain jurisdiction) refers to information recorded electronically or otherwise that can be used alone or in combination with other information to identify the identity and activities of a particular natural person. Such information includes name,Gender, mobile phone number, ID number, email address, personal biometric information (e.g., face,fingerprint, palm information), employment information (employee number), corporate information (corporate name and business identification number), and Personal Data of children under age 14 (inclusive).
4.Personal Data Controller refers to an organization or individual that has the authority to determine the purpose and manner of handling Personal Data. The Personal Data controllers referred to in this agreement are corporate/organizational users of TimeRalo products.
5.Data Processor means a natural or legal person, public authority,
agency or other body that processes personal data on behalf of the Controller.
The Personal Data processors referred to in this agreement are Armatura.
6.Recipient is a natural or legal person, public authority, agency or
other body to whom personal data are disclosed, whether or not a third party.
However, public authorities that may receive personal data in the context of a
specific investigation mandate under Union or Member State law shall not be
considered as recipients.
7.Third party means a natural or legal person, public authority, agency
or other body other than the data subject, the controller, the processor and
the persons authorized to process the personal data under the direct
responsibility of the controller or the processor.
8.Consent shall mean any freely given indication of the data subject's
wishes for the specific case in an informed and unambiguous manner in the form
of a statement or any other unambiguous affirmative act by which the data
subject indicates that he or she consents to the processing of personal data
relating to him or her.
9.Local Server refers to the enterprise/organization which allocates and authorizes access to and use of computers or devices on which TimeRalo products are installed. That is, the enterprise/organization controls the Personal Data and data stored on the local server.
10.Data Subjects refers is any identified or identifiable natural person
whose personal data are processed by the controller responsible for processing.
11.Restriction of processing is the marking of stored personal data with
the aim of limiting their future processing.
12. 【Controller or
Controller responsible for processing and representative: The Controller or
Controller responsible for processing is the natural or legal person, public
authority, agency or other body that, alone or jointly with others, determines
the purposes and means of the processing of personal data. By using our
services, the controller is your organization or enterprise.
Insofar as the Controller responsible for processing has its registered
office outside the European Union, a representative must be appointed in
accordance with Art. 27 GDPR. The representative must be established in one of
the Member States, in which the data subjects, whose personal data are
processed in connection with the goods or services offered to them or whose
behavior is monitored, are located. The representative shall be appointed by
the controller or processor to serve as a point of contact, in addition to or
in place of the controller or processor, in particular for supervisory
authorities and data subjects on all matters relating to the processing to
ensure compliance with this Regulation. "Representative" therefore
means a natural or legal person established in the Union appointed in writing
by the controller or processor in accordance with Article 27 GDPR to represent
the controller or processor in relation to their respective obligations under
this Regulation.】
13. Processor.
A data processor refers to a natural person, legal person, public authority,
agency or other body that processes personal data on behalf of a data
controller. By using our services, the processor is ZEKTECO.
- II. Principles for the processing of
personal data
(1) Scope of processing of personal data
As a matter of principle, we collect and use personal data of our users only to the extent that this is necessary for the provision of a functional APP as well as our content and services. The collection and use of your personal data within the framework of our services is generally only carried out with your consent. However, an exception applies in those cases in which obtaining prior consent is not possible for actual reasons and the processing of the data is nevertheless permitted by legal regulations.
(2) Legal basis for the processing of
personal data
The data collected or transmitted by you will be collected, used, processed, stored and, if necessary - if required by law or contract - forwarded to third parties exclusively within the framework of the applicable data protection laws.
Various legal bases for the processing of your personal data arise from applicable Law, each of which is referred to in this privacy policy:
1.You have gave your consent to one or more specific purposes of processing operations.
2.It is necessary for the performance of a contract to which the data subject is a party. This legal basis also refers to those processing operations which are necessary for the performance of precontractual measures.
3.If we have to process personal data in order to comply with a legal obligation of our company.
4.If vital interests of the data subject or of any other natural person require processing of his or her personal data.
5.If processing of personal data is necessary for the purposes of a legitimate interest pursued by our company or by a third party and the interests, fundamental rights and freedoms of the data subject do not override this first interest of our company or a third party.
Storing information in the end user's terminal equipment, e.g. via tokens or cookies, or accessing information already stored in the terminal equipment is only permitted, if it is covered by one of the following justifications:
1.If the end user has consented on the basis of clear and comprehensive information. The consent has to be given;
2.When the sole purpose is to carry out the transmission of a message over a public telecommunications network; or
3.If the storage or access is absolutely necessary so that the provider of a telemedia service can provide a telemedia service expressly requested by the user.
- III. Downloading the APP
When downloading the mobile APP, the required
information is transferred to the App Store, i.e. in particular 【user name, e-mail address and customer number
of your account, time of download, payment information and the individual
device identification number.】
In addition, the APP store still independently collects various data and provides you with analysis results. We have no influence on this data processing and are not responsible for it. We process the data only insofar as it is necessary for downloading the mobile APP to your mobile device.
- IV. Technically
required data processing for the use of the Services.
1.Data for Administrator / employee account.
When you first time to use the Service, we process the personal data described below to enable you to activate our services and use the functions comfortably. If you want to use our mobile APP, we process the following data, some of them are technically necessary for us to offer you the functions of our services and to ensure stability and security, so that they must be processed by us, the other data are optional for you to decide to use complete services or not:
【-Last name
-First name
-Last Name
-Company name
-Industry type
-Company size
-Email address
-City
-State
-Country
-User photo
-User role
-Photo
-Personal ID
-Password
-Email
(a) Mandatory
data for Administrator registration
-Email
-Password
(b) Optional
Data for Administrator
-Industry type
-Photo
-Fingerprint
-Password
(c) Mandatory
data for Employee registration
-Personal ID
-First Name
-User role
(d) Mandatory
data for Employee registration
-Last Name
-Photo
-Fingerprint
-Password
2.Registration process
The way
for administrators to register our service for the first time is not the same
as that for employees to activate our service for the first time. When you, as
an administrator, use our service for the first time, you need to leave the
personal data that you left when purchasing our service. Such personal data
includes [Email,Password, Industry type], and then we will send the activation link to your email inbox via
email. You have to go to the email address and click on the activation in order
to register successfully. Click on the activation link in the email and your
account will be activated and you will be redirected to the login page
automatically. At the same time, we store the double-opt-in and the date of
your registration along with the time. This data is not passed on to third
parties. After you complete the activation, you can officially start using our
service.
Before
you, as an employee, use our service for the first time, your employer, the
data controller, will input your relevant personal data into the system. When
you log in to the system for the first time, you need to enter the personal
data that your employer has already input into the system, which includes [Last Name,Photo,Fingerprint,Password] to complete your personal
identity verification. After the identity verification is completed, you can
start using our service.
In the
course of the further registration process, your consent to this processing
will be obtained as far as necessary and reference will be made to this data
protection declaration. The data collected by us in this process will be used
exclusively for the provision of the customer account.
To ensure
the security of the company's workplace and improve the level of security
management, the service you will use involves security devices with biometric
data recognition functions. Before you use this equipment, we need to inform
you of the relevant matters concerning personal data collection and obtain your
consent.
The
company has the responsibility to provide employees with a safe working environment,
and the collection of biometric data is a necessary means to achieve this goal.
By using security devices with biometric data recognition functions, we can
better control the access of personnel and reduce security risks.
As an
employee of the company, when using the workplace and facilities provided by
the company, you agree that the company can adopt reasonable security measures.
The collection of biometric data is to ensure the security of the workplace,
which conforms to your reasonable expectations.
3.Legal basis
This service is mainly applied within
enterprises. Therefore, to activate your services, you must provide 【your last name, first name, gender, mobile phone
number, name of workplace, company name, address, city,
state, postal code and Personal ID】 to verify that you are a employee of a specific enterprise. In addition, personal data such as the
purpose of visit, the date of visit and the end date of visit are necessary for
realizing the security functions provided by this service. In addition, we use
the data to optimize our APP and to ensure the security of our information
technology systems. An evaluation of the data for marketing purposes does not
take place in this context.
The legal basis for data processing is the contract that we conclude
with you for the provision of our services. Besides, the legal basis for the
processing of the data is met, if and insofar as your consent is given. If you
were an enterprise administrator, You can revoke the consent given to us to
open and maintain the customer account at any time with effect for the future.
For this purpose, you only need to inform us of your revocation. If you are an
employee user, please contact your enterprise/organization
administrator to complete the revocation of your consent for the processing of
your personal data. If you are unable to contact your enterprise/organization
administrator or are unable to revoke your consent for the processing of your
personal data for other reasons, you can contact us through the contact
information provided in this privacy policy to revoke your consent for the
processing of your personal data. We will respond to your request after
verifying your identity and relevant circumstances.
4.Duration of storage
The data is deleted as soon as it is no longer required to achieve the
purpose for which it was collected. In the case of the collection of data for
the provision of our APP, this is the case when the respective session has
ended. If the data was stored in log files, this is the case after 7 days at
the latest.
5.Possibility of objection
and removal
You can object the collect of the optional person data at any time. The collection of mandatory data for the
provision of our service is absolutely
necessary for the operation of the website. Consequently, there is no
possibility for you to object in this respect.
- V. Employee’s account to use the services
1. Device
Data
We receive and record information about the
device you are using on the specific permissions you granted during the
installation and use of the services:
-Device model
-operating system version
-device settings
-unique device identifier
-hardware and software characteristics
-IP address
-GPS location information
-Wi-Fi connections
-Bluetooth
-base stations
2. Log
Information
When you use products or services provided by
our website or client end, we will automatically collect detailed use
information of our services and save them as relevant web logs. For example,including:
-search and query content
-IP address
-browser type
-language used
-date and time of visit
-records of webpages visited.
3. Customer
service - Trouble shooting data
Troubleshooting and help data: data
submitted when you contact Armatura for
help, such as authentication information and data related to your device and
its corresponding products, as well as the problems you face. The processing of
personal data from an inquiry for trouble shooting sent to us serves solely to
process the contact and the problem. In this context we may process contact
data, such as name, address data, telephone numbers, e-mail address to contact
you and device, usage and configuration data in order to solve problems and
instruct our sub-contractors with whom we have concluded a Controller/Processor
Agreement.
4. Legal
Basis
The legal basis for data processing is the
contract that we conclude with you for the provision of our services. Besides,
the legal basis for the processing of the data is
met, if and insofar as your consent is given. If
you were a enterprise/organization
administrator, You can revoke the consent given to us to open and maintain the
customer account at any time with effect for the future. For this purpose, you
only need to inform us of your revocation. If you are an employee user, please
contact your enterprise/organization
administrator to complete the revocation of your consent for the processing of
your personal data. If you are unable to contact your enterprise/organization
administrator or are unable to revoke your consent for the processing of your
personal data for other reasons, you can contact us through the contact
information provided in this privacy policy to revoke your consent for the
processing of your personal data. We will respond to your request after
verifying your identity and relevant circumstances.
5. Duration
of storage
(a) Device
Data: 【Device Basic
Information, Parameters, and Command History will be stored until the device is
unbound from the account. This data is deleted immediately upon unbinding.
Users can also actively remove/unbind the device at any time.】
(b) log Information: 【Delete data after one month of storage】
(c) Trouble shooting data:【Delete data after one month of storage】
6. Possibility
of objection and removal
You have the option to revoke your consent to the processing of personal
data at any time. [see XI. (8) Right of revocation below]
- VI. Cookies and similar technologies
1. Cookies
Cookies and similar technologies are widely used in the Internet. To
ensure the smooth operation of our website, we will store a small data file
named Cookie in your computer or mobile device. A Cookie typically contains
identifiers, site names, and some numbers and characters. With the Cookie, our
website can store your preference and other data. We will not use Cookies for
any other purpose than that specified in this Policy. You may manage the Cookie
according to your own preference or delete it. You may choose to delete all
Cookies saved in your computer, and most of the web browsers have a feature to
block the Cookies. But if you do this, you will need to change the user
settings each time you visit our website.
2. Other similar technologies
In addition to Cookies, we will also use other similar technologies such
as website beacons and pixel tags on our website to help us understand your
preference for products or services and improve our customer service.
- VII. Services
Improvement
(1) Description and scope of data
processing
Our Services contains information to enable quick contact/communication. If you contact us by email, if you do send us a support ticket or a suggestion for product improvement using the feedback function of the Services, the personal data you provide (such as Email) will be stored automatically. At the time of sending the message, your IP address and the date and time are also stored.
The response to these inquiries is handled by us.
(2) Legal basis for data processing
The legal basis for the processing of the
data is, if and insofar as your consent is given, or/and
processing is necessary for the purposes of the legitimate interests pursued by
the controller, or/and it is necessary for the performance of a contract to
which the data subject is party or in order to take steps at the request of the
data subject prior to entering into a contract.
(3) Purpose of data processing
The processing of personal data from an e-mail, as well as a support ticket or a suggestion for product improvement, sent to us serves solely to process the contact. This also constitutes the necessary legitimate interest in the processing of the data.
(4) Duration of storage
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. This is the case when the respective conversation with the user has ended. The conversation is ended when it is clear from the circumstances that the matter in question has been conclusively clarified. After an objection or revocation declared by you [see below under (5)], your personal data will be deleted within 7 days. However, this data will not be deleted if we are entitled or obliged to continue storing it on the basis of a legal ground other than your consent or despite your objection.
(5) Possibility of objection and removal
You have the option to revoke your consent to the processing of personal data at any time [see XI. (8) Right of revocation below]. In addition, you can also object to the processing of your personal data at any time if and to the extent that this processing [see XI. (1) Right of objection below]. You can send both the revocation and the objection, for example, by trmessage@timeralo.com. In such a case, however, the conversation cannot be continued.
- VIII. Data processing by third parties
and transfer of data to third countries
Since we are a global company, it may be necessary for us to transfer your information to any third party affiliated to us or with whom we have a cooperative relationship, and such information may be maintained on computers and/or other servers located outside of your state, province, country or other governmental jurisdiction in whole or in part. (“Cross-border transfer of information”).
Please note that where necessary to deliver the services, we will transfer personal data to countries/territories outside your countries/territories. In such cases, an adequacy decision could be absent and they may not provide an adequate level of protection to your personal information, however, we have taken appropriate safeguards to require that your personal data will remain protected in accordance with this Privacy Policy and applicable laws.
|
purpose |
types of data |
overseas recipient |
|
Perform
operations and maintenance work |
all
types of data we collect from you as described From section III to section VII |
TimeRalo
China Operations、TimeRalo China Business Operations、TimeRalo India Service
Operations |
|
For
maintaning and operating our Services as our data centers are in different
areas (for more information regarding the storage arrangement, please see the
“The Security and Storage of Your Information”section) |
all
types of data we collect from you as described From section III to section VII |
We
or/and our affiliates in charge of the maintainance and operation works |
If you want to know more about such
Cross-border Transmissions of Information, please send your e-mail to trmessage@timeralo.com.
We will duly handle your response but please note that our Services may not be
available to you if you refuse cross-border transfer of information.
- IX.The
security and storage of your information
We take all reasonable administrative,
physical and electronic measures to protect the information that we collect
from or about you from unauthorized access, improper use or disclosure,
unauthorized modification and unlawful destruction or accidental loss. We work
hard to protect you and Armatura from unauthorized access, alteration,
disclosure, or destruction of information we hold, including:
AWS CloudTrail — Records all API calls and activities within our AWS environment, including management and data events, providing detailed logs of who performed what action, when, and on which resource.
AWS Config — Maintains a complete history of AWS resource configurations and changes, enabling continuous monitoring against predefined compliance rules.
Amazon GuardDuty — Uses machine learning and threat intelligence to continuously detect unusual activity and potential security threats.
AWS Security Hub — Provides a centralized dashboard for security alerts and automated compliance checks, aggregating findings from multiple AWS security services.
All data is securely stored within AWS’s highly available infrastructure, with encryption applied at rest and in transit using industry-standard encryption protocols. Access to data is strictly controlled through AWS Identity and Access Management (IAM) with the principle of least privilege.
However, please note that no transmission over the Internet is completely secure or error-free, and that the information security policies, rules and technical measures utilized and maintained by us may be subject to compromise.
When you use our Services on your computing and mobile devices (“Devices”), such as by using one of our downloadable applications, some of your data will be stored locally on such Devices.
When you sync your Devices with our Service, such data will be replicated on servers maintained in the India,China. This means that if you store your information in or submit data to our Sites or Products, your information will be transmitted, hosted, and accessed in any of these countries and/or districts based on your location.
- X. How we share, transfer and disclose your Personal
Data
1. Share
Without your explicit consent, we will not share your Personal Data with any other company, organization and individual outside of Armatura.
We may share your Personal Data with an external institution if required by laws and regulations or government authorities.
2. Transfer
We will not transfer your Personal Data to any other company, organization or individual, except under the following circumstances:
(a) Transfer with your explicit consent: with your explicit consent, we will transfer your Personal Data to other parties;
(b) If any merger, acquisition or bankruptcy process involves transfer of your Personal Data, we will request the new company or organization in possession of your Personal Data to continue to be bound by the Personal Data protection policy, or we will request the new company or organization to seek your permission again.
3. Public disclosure
We will only disclose your Personal Data in the following circumstances:
(a) With your explicit consent;
(b) Law-based disclosure: we may disclose your Personal Data in cases where such disclosure is required by laws, legal proceedings, litigation or government authorities, including in cases:
§ Related to Personal Data controller’s performance of obligations prescribed by laws and regulations;
§ Directly related to national security or national defense security;
§ Directly related to public safety, public health or vital public interests;
§ Directly related to crime investigation, prosecution, trial and judgment execution;
§ Where such disclosure is necessary for protecting the vital legitimate interests such as life and property of the subject of Personal Data or any other individual while it is difficult to obtain the consent therefrom;
§ Where the Personal Data involved is disclosed to the public by the subject itself;
§ Where such disclosure is necessary for signing and performing the contract concerned according to the requirements of the subject of Personal Data;
§ Where the Personal Data is collected from legally and publicly disclosed information, such as legal news reports and publicized government information;
§ Where such disclosure is necessary for maintaining safe and stable operation of the products/services provided, such as identification or disposal of failures of products/services;
§ Where the Personal Data controller is a news agency and such disclosure is necessary for legal news reporting;
§ Where the Personal Data controller is an academic research institute, and such disclosure is necessary for statistics or academic research in the public interest, and the Personal Data contained in the results of academic research or description provided externally is de-identified.
Please note that according to law, sharing, transferring or disclosing Personal Data does not include the scenario in which Personal Data is anonymized in such a way that the recipient of such information cannot restore the information or re-identify the subject of Personal Data before it is shared, transferred, or disclosed. As a result, we may store or process such information without notifying you or obtaining your consent.
- XI. Your rights as a data
subject
We provide the following rights to protect your information for our global customer.To exercise the right of information listed below, please follow the instructions and send an email to your enterprise/organization administrator. If you are unable to contact your enterprise/organization administrator or are unable exercise your right of personal data for other reasons, you can contact us through the contact information provided in this privacy policy. We will respond to your request after verifying your identity and relevant circumstances with your enterprise/organization administrator:
(1) Right of objection
(a) You have the right at any time to object
to the processing of your personal data for purposes of direct marketing to us
without giving any reason. We will then no longer process your personal data
for these purposes. This also applies in principle to profiling, insofar as it
is associated with such direct advertising. However, we do not currently carry
out profiling.
(b) You may also object to other processing that we derive from a legitimate interest for reasons arising from your particular situation, stating these reasons. In principle, this also applies to profiling based on this provision. However, we do not currently carry out such profiling. We will then no longer process your personal data unless we can demonstrate compelling reasons for the processing that override your interests, rights and freedoms, or the processing serves the assertion, exercise or defense of legal claims.
(c) Any objection can be made without any formal requirements. For this purpose, it is sufficient to send an e-mail to, for example: trmessage@timeralo.com.
(2) Right of information
You can request confirmation from us as to whether personal data concerning you is being processed by us. If such processing exists, you may further request information from us about the following. :
1. the purposes for which the personal data are processed;
2. the categories of personal data which are processed;
3. the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed;
4. the planned duration of the storage of the personal data relating to you or, if specific information on this is not possible, criteria for determining the storage period;
5. the existence of a right to rectification or erasure of the personal data concerning you, a right to restriction of processing by the controller or a right to object to such processing;
6. the existence of a right of appeal to a supervisory authority;
7. any available information about the origin of the data if the personal data is not collected from you as the data subject.
You have the right to request information about whether the personal data concerning you is transferred to a third country or to an international organization. In this context, you may request to be informed about the appropriate guarantees in connection with the transfer.
(3) Right to rectification
You have a right against us as the Controller to rectification and/or completion, insofar as the personal data processed by us concerning you is incorrect or incomplete. We shall carry out the rectification without undue delay.
(4) Right to restriction of processing
You may request the restriction of the processing of personal data concerning you under the following conditions:
If you contest the accuracy of the personal data concerning you for a period enabling the controller to verify the accuracy of the personal data;
The processing is unlawful and you object to the erasure of the personal data and request instead the restriction of the use of the personal data;
We no longer need the personal data for the purposes of processing, but you need them for the assertion, exercise or defense of legal claims; or
If you have objected to the processing pursuant to Article 21 para. 1) GDPR and it has not yet been determined whether the legitimate grounds asserted by us outweigh your grounds.
If the processing of personal data relating to you has been restricted, this data may - apart from being stored - only be processed with your consent or for the assertion, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of an important public interest of the Union or a Member State.
If the restriction of processing has been restricted in accordance with the above conditions, you will be informed by us before the restriction is lifted.
(5) Right to deletion
(a) Obligation to delete
We are obliged to delete the personal data concerning you without delay if one of the following reasons applies:
1. the personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.
2. you revoke your consent on which the processing was based and there is no other legal basis for the processing.
3. you withdraw your consent on which the processing was based pursuant to and there is no other legal basis for the processing.
4. you object to the processing and there are no overriding legitimate grounds for the processing, or you object to the processing.
5. the personal data concerning you have been processed unlawfully.
6. the erasure of the personal data concerning you is necessary for compliance with an applicable legal obligation.
7. the personal data concerning you has been collected in relation to information society services offered.
(b) Information to third parties
If we have made the personal data concerning you public and we are obliged to erase it, we shall take reasonable steps, including technical measures, having regard to the available technology and the cost of implementation, to inform other data controllers which process your personal data that you, as the data subject, have requested that they erase all links to or copies or replications of such personal data.
(c) Exceptions
The right to erasure does not exist insofar as the processing is necessary
1. for the exercise of the right to freedom of expression and information;
2. for compliance with a legal obligation which requires processing under Union or Member State law to which we are subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
3. for reasons of public interest in the area of public health;
4. for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, insofar as the right to erasure is likely to render impossible or seriously prejudice the achievement of the purposes of such processing; or
5. for the assertion, exercise or defense of legal claims.
(6) Right of information
If you have asserted the right to rectification, erasure or restriction of processing against us, we are obliged to notify all recipients to whom the personal data concerning you has been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort. You have the right against us to be informed about these recipients.
(7) Right to data portability
You have the right to receive the personal data concerning you that you have provided to us in a structured, common and machine-readable format. In addition, you have the right to transfer this data to another controller without hindrance from us as the controller to whom the personal data was provided, provided that
1. the processing is based on consent or on a contract and
2. the processing is carried out with the help of automated procedures.
In exercising this right, you also have the right to have the personal data concerning you transferred directly from us as a controller to another controller, insofar as this is technically possible. Freedoms and rights of other persons must not be affected by this.
The right to data portability does not apply to processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us as controller.
(8) Right to revoke the declaration of
consent under data protection law
You have the right to revoke your declaration of consent under data protection law at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.
If you wish to exercise your right of revocation, an email to trmessage@timeralo.com will suffice.
(9) Right of complaint to a supervisory
authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, workplace or the place of the alleged infringement, if you consider that the processing of personal data relating to you infringes the GDPR.
The supervisory authority to which the complaint has been lodged will inform you, as the complainant, of the status and outcome of the complaint, including the possibility of a judicial remedy under Article 78 GDPR.
Please address any inquiries related to data subject rights to trmessage@timeralo.com. Please note that in the case of requests for information that are not made in writing, our representative may require proof that you are indeed the person about whose personal data information is requested, in order to protect the persons about whom data is stored.
XII. How we handle Personal
Data of minors
Our products, website and services are mainly designed for adults. Without consent of parents or guardians, minors shall not create their own account. If you are a minor, it is recommended that you ask your parents or guardian to read this Policy carefully, and only use our services or information provided by us with consent of your parents or guardian.
We will only use or disclose Personal Data of minors collected with their parents' or guardians' consent if and to the extent that such use or disclosure is permitted by law or we have obtained their parents' or guardians' explicit consent, and such use or disclosure is for the purpose of protecting minors.
Upon noticing that we have collected Personal Data of minors without the prior consent from verifiable parents, we will delete such information as soon as possible.
XIII. How this Policy is
updated
Our Personal Data protection and privacy policy is subject to change from time to time.
Without your explicit consent, we will not cut your rights you are entitled to under this Policy. We will post any change to this Policy on our website.
For major changes, we will also provide a more prominent notification (for some services, we will send notice via email, stating the particulars of changes to this Policy).
Major changes referred to in this Policy include, but are not limited to:
1. Major changes of our service model, such as change of purpose, type or way of use of Personal Data;
2. Major changes in ownership structure or organizational structure, such as changes caused by business adjustment, bankruptcy, merger and acquisition;
3. Change of the party with which we share Personal Data or to which we transfer or disclose Personal Data;
4. Major changes in your rights of participating in the handling of Personal Data or the way you exercise such rights;
5. Changes of the department responsible for Personal Data security, or of the contact information or of the channel for filing a complaint;
We will also archive the previous versions of this Policy for your reference.
XIV. How to contact us
If you have any question, comment or suggestion about this Policy, please send an email to trmessage@timeralo.com, . Normally, we will reply within 7 days. More contact information is available on our website (https://timeralo.com/).