1. Data controller
- The data controller for personal data processed in connection with the TimeHunter service is the Company (employer) that registered an account. The service operator — MROAUTO AUTODÍLY s.r.o. — acts as a Data Processor under Article 28 of the GDPR.
- The Operator processes personal data on the basis of a data processing agreement, solely for the purpose of providing TimeHunter services.
- For data protection inquiries, contact the Operator at: info@timehunter.pl
- The Operator (MROAUTO AUTODÍLY s.r.o.) is established in the Czech Republic, and data processing takes place exclusively within the European Union and the European Economic Area (EU/EEA). No data transfer to third countries occurs, so Standard Contractual Clauses (SCC) or other mechanisms under Chapter V GDPR are not required.
2. What data we collect
- Identification data: first name, last name, email address, position, system role.
- Technical data: IP address, browser identifier (user-agent), login timestamps, GPS geolocation data (if enabled by the employer).
- Work records: start and end times, breaks, overtime, leave requests, leave balances, work schedules.
3. Purposes and legal basis
- Contract performance (Art. 6(1)(b) GDPR) — providing time tracking services as agreed with the Company.
- Legal obligation (Art. 6(1)(c) GDPR) — maintaining work time records as required by labor law.
- Legitimate interest (Art. 6(1)(f) GDPR) — ensuring service security, detecting abuse, maintaining audit logs.
- Consent (Art. 6(1)(a) GDPR) — processing analytics and marketing cookies, if the user consents.
4. Cookies
The TimeHunter service uses the following categories of cookies:
Necessary cookies
Required for the service to function properly. Includes the authentication token (JWT HttpOnly cookie), language preferences (localStorage) and session protection.
Examples: token (JWT session), lang (language preference), cookie_consent (cookie consent)
Analytics cookies
Used to collect anonymous statistics about service usage. Help us improve functionality and performance. Require user consent.
Marketing cookies
Used to display personalized ads and content. May be shared with advertising partners. Require user consent.
You can change your cookie preferences at any time by deleting the cookie_consent entry from your browser's localStorage or by clearing site data in your browser settings.
5. Your rights
- Right of access (Art. 15 GDPR) — you can obtain information about what personal data is being processed.
- Right to rectification (Art. 16 GDPR) — you can request correction of inaccurate data.
- Right to erasure (Art. 17 GDPR) — you can request deletion of your personal data ("right to be forgotten"). The system supports data anonymization while preserving record integrity.
- Right to data portability (Art. 20 GDPR) — you can download your data in JSON format via the GDPR export feature.
- Right to object (Art. 21 GDPR) — you can object to processing based on legitimate interest.
- To exercise these rights, contact your Company administrator or the Operator: info@timehunter.pl
- Right to lodge a complaint with a supervisory authority — depending on your country of residence: Polish PUODO (uodo.gov.pl), Czech ÚOOÚ (uoou.cz), or your local DPA in the EU.
6. Data retention period
- Work time records are stored for the period required by labor law — a minimum of 3 years after the end of employment.
- Personal data in employee files is stored for 10 years from the end of employment (in accordance with employee documentation regulations).
- The Company administrator can configure a custom data retention policy in the service settings (minimum 6 months, maximum 120 months).
7. Data recipients
- Supabase Inc. — database infrastructure provider (PostgreSQL). Data stored with encryption at rest and in transit (TLS 1.3).
- Render.com — backend application hosting provider. Servers located in Europe.
- Personal data is not transferred to third countries outside the European Economic Area without appropriate safeguards (standard contractual clauses).
- All technical sub-processors (Supabase, Render.com, ip-api.com) are located or have data centers within the EU/EEA. The full list of sub-processors is available upon request at info@timehunter.pl.
8. Data security
- We implement appropriate technical and organizational measures to protect personal data, including: transmission encryption (HTTPS/TLS 1.3), JWT authentication in HttpOnly cookies, password hashing (bcrypt, min. 12 characters), protection against CSRF, XSS and SQL Injection attacks (Helmet, CORS, parameterized queries).
- The system features an immutable audit log recording all operations on personal data, ensuring full accountability under Art. 5(2) GDPR.
9. Changes to this policy
- The Operator reserves the right to modify this Privacy Policy. Users will be notified of significant changes with 14 days' advance notice.
- The current version of the Privacy Policy is always available at /polityka-prywatnosci.
10. Contact
For data protection inquiries, please contact:
Email: info@timehunter.pl
MROAUTO AUTODÍLY s.r.o., Čs. armády 360, Pudlov, 735 51 Bohumín, Czech Republic
Data controller
Company name: MROAUTO AUTODÍLY s.r.o.
Tax ID: CZ06630405
Registered address: Čs. armády 360, Pudlov, 735 51 Bohumín, Czech Republic
Contact: info@timehunter.pl