Note: This English text is provided for convenience. The Dutch version is authoritative where translations differ.
Privacy statement
Welcome to TimeChimp’s privacy information.
This statement explains:
- (a)what information we collect about you;
- (b)how we use it; and
- (c)your rights.
“Information about you” means personal data under privacy law.
We aim to write clearly. Questions? See section 18 or email privacy@timechimp.com.
1. What does this privacy statement cover?
This statement applies to information about you that we collect when you:
- (a)visit our websites;
- (b)purchase from us or show interest in our services;
- (c)use our products, services, or applications;
- (d)communicate with our team about questions and incidents; or
- (e)apply to work with us.
2. Who is responsible?
TimeChimp (Zekeringstraat 9 A, 1014BM Amsterdam, Netherlands) is the Controller for data under this statement.
For questions about this privacy statement and exercising your rights: privacy@timechimp.com.
We process data lawfully and securely and respect your rights (such as access).
We sometimes work with other companies. See sections 10–12.
Questions or exercising your rights (section 16): privacy@timechimp.com.
3. What information do we collect?
What we collect depends on your relationship with us. If you use our products, we often collect information you provide and information collected automatically when you use our services. We call this service data.
- (a)Account and contact information: name, email, address, phone.
- (b)Account information: account ID (email), status, login credentials, linked devices.
- (c)Purchase information: purchases and data when entering or performing a contract.
- (d)Payment information: payment methods (e.g. card details) and billing address.
- (e)Communication data: contact with us, support, and social channels.
- (f)Marketing: data when you join events, campaigns, or beta testing.
- (g)Applications and HR: CV, ID numbers where required, gender, date of birth, address, phone.
- (h)Technical data: device type, browser, identifiers (e.g. cookies).
- (i)Usage data: features used, performance, crash logs, diagnostics.
- (j)Other technical data: IP address, login activity, system activity.
- (k)Behaviour and preferences: site navigation, referral source, ads/newsletters, privacy settings.
4. Information from third parties
- (a)We may receive information from public sources when relevant (e.g. legal proceedings).
- (b)We also process personal data within your data that you enter in our system. See section 5.
5. Your Data in the platform
Besides service data, you may record hours, expenses, mileage, customer data (client portal), and invoicing information. We call this your data.
You are responsible for your data. We store and process your data to provide our services.
We act as a processor for your data: we do not use your data for other purposes except on your instructions or by court order. We must then enter into a Data Processing Agreement with you. See our data processing agreement.
You can delete your data in our apps at any time. If you delete your account, we delete data on our servers; backups may be kept for up to 3 months.
6. Your responsibility
You must ensure your data complies with applicable laws. If your data contains information about others, ensure collection, storage, and use are lawful.
7. How do we use information about you?
| Purpose | Processing | Categories |
|---|---|---|
| Providing products and services | Orders, payments, notifications, support | Contact, account, purchase, usage, technical data, your data (if needed) |
| Customer support | Tickets, training | Contact, account, purchase, payment, communication, device, usage, technical data |
| Bugs and incidents | Investigation, resolution | Contact, device, usage, technical data |
| Fraud and abuse prevention | Prevention | Contact, account, purchase, payment, device, usage, technical data |
| Product improvement | Analysis, surveys | Account, purchase, device, usage, technical data, behaviour/preferences |
| Marketing | Newsletters, email, online | Contact, account, purchase, device, usage, technical data, behaviour/preferences |
| Legal compliance | Accounting, security, disclosure | As required: contact, account, purchase, payment, device, usage, technical data, your data |
| HR | Applications, onboarding/offboarding | CV, identity data, contact details |
| Risk and strategy | Monitoring, legal protection | Contact, account, purchase, payment, device, usage, technical data, public sources (if relevant) |
We do not use special categories of personal data for other purposes.
8. Legal basis
| Purpose | Legal basis |
|---|---|
| Products/services and issue resolution | Contract performance |
| Customer support and staff training | Legitimate interest |
| Fraud and abuse prevention | Legitimate interest |
| Product improvement | Legitimate interest |
| Direct marketing (business contacts) | Legitimate interest |
| Direct marketing (consumers) | Consent |
| Accounting and legal requirements | Legal obligation |
| HR | Legal obligation |
| Risk and business development | Legitimate interest |
| Other purposes (with consent) | Consent |
You are not required to provide data we request, but we may be unable to provide services—especially where processing is necessary for our contractual obligations.
For direct marketing to consumers (natural persons), we ask for consent under applicable telecommunications law. For marketing to business contacts, we may rely on legitimate interest; you can always opt out via the unsubscribe link in our messages.
9. How long do we keep information?
We keep information as long as needed for the purposes in section 7, including:
- (a)legal retention requirements;
- (b)your relationship with us;
- (c)categories of data we hold;
- (d)disputes or investigations.
As a rule: while you are an active customer and for 7 years after. We may keep data longer if the law requires. We then delete or anonymise it securely.
| Category | Retention period |
|---|---|
| Customer and account data | During customer relationship + 7 years |
| Invoice and accounting data | 7 years (legal obligation) |
| Marketing data | Until opt-out or withdrawal of consent |
| Job application data | 4 weeks after rejection (or 1 year with consent) |
| Support tickets | 2 years after closure |
| Call recordings (support) | Up to 1 year |
Retention periods for your data that we store as processor are set out in Annex A of the data processing agreement.
10. Who has access?
We share information only when needed for section 7 and as permitted by law:
- (a)Group companies — delivery and analysis.
- (b)Service providers and partners — hosting, payments, analytics, marketing, support, surveys, security. They receive only what they need; we use appropriate agreements.
- (c)Government and law enforcement — when required by law or to protect rights.
- (d)Business transactions — merger, acquisition, asset sale (with protection under this statement).
- (e)Third parties at your direction — with your consent.
We do not sell your personal data commercially except as described here or with your consent.
11. International transfers
We may share data with group companies and suppliers outside your country. We ensure appropriate safeguards, including Standard Contractual Clauses (SCCs) under GDPR Article 46(2)(c) and adequacy decisions where applicable.
See our subprocessors for an overview per supplier, including transfers and safeguards.
12. Online and social media marketing
We may run ads (e.g. Google, Facebook, LinkedIn) and work with marketing partners. They may use cookies to measure campaigns. We comply with applicable laws.
We use Leadinfo to recognise website visitors at company level (based on IP address). We do this on the basis of legitimate interest. More information is in our cookie policy and on our subprocessors.
12.1 Call recordings
Support calls by phone may be recorded and transcribed (for example via CloudTalk and Leexi) for quality and training purposes. We inform you at the start of a call when recording takes place. We retain recordings for up to 1 year.
13. Automated decision-making
We do not make decisions with significant impact for you based solely on automated processing.
14. Cookies
We use cookies and similar technologies on websites and apps. More information and settings: cookie policy.
15. Your rights
| Right | Description |
|---|---|
| Access | Request access to personal data we hold about you. |
| Rectification | Have inaccurate or incomplete data corrected. |
| Erasure | Request deletion under certain conditions. |
| Restriction | Restrict processing under certain conditions. |
| Portability | Receive data in a structured, machine-readable format under certain conditions. |
| Object | Object to processing, including direct marketing, under certain conditions. |
| Withdraw consent | Where processing is based on consent. |
Contact us via section 18. We may verify your identity and respond within one month (extendable by two months for complex requests, under the GDPR).
You also have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) at autoriteitpersoonsgegevens.nl.
16. Security
We implement technical and organisational measures against unauthorised access, loss, or alteration. Access is limited to those who need it under confidentiality. No system is fully secure—also protect your login credentials and devices.
17. Changes
We may update this statement. The current version is at terms.timechimp.com/en/privacy-statement. Check regularly for updates.
18. Contact
Questions, comments, or exercising your rights: privacy@timechimp.com.
(This privacy statement is effective as of 01-06-2026.)