Deep Branch Timesheeting System Privacy Notice

Ed Wilding, the creator of this site, is a sole trader.

Ed Wilding (“I”, “Me”) is the data controller and is committed to protecting the rights of individuals in line with the Data Protection Act 2018 (DPA), the General Data Protection Regulation (GDPR), the UK GDPR and/or other relevant data protection legislation (“Data Protection Law”).

This Privacy Notice explains who I am, the personal data I collect, how I use it, who I share it with, and what your legal rights are.


What data does the system hold?

When you use the system to enter timesheet and leave data I have to collect, store, use and otherwise process personal data for any purpose connected with timesheeting and leave management.
I may collect and hold the following personal information, when you, the user, provide it to me:

  • User’s personal information, such as full name, line manager and working hours;
  • User’s personal information provided, such as hours worked, leave booked;
  • Any further details you share with me.

Why do I collect this data and on what legal ground(s) do I process your personal data?

I collect the above information when you fill in timesheet data, or when a person is added into the system. I collect the above information to:

  • enable the system to communicate with you when neccessary (for example, to inform a line manager that a reportee has booked some time off);
  • enable me to perform my task and process your timesheet data;

I process this data based on your consent. You have the right to withdraw your consent at any time by requesting deletion of your account from this system. If you wish to withdraw your consent, please see your rights section below.


Who has access to your personal data and to whom is it disclosed?

I will disclose your personal data to Deep Branch timesheet administrators when asked to


For how long do I retain your data?

I will only retain personal data for as long as is necessary to fulfil the purposes for which it is collected. In practice this means I will retain your personal data for a 5 year period after which I will delete your data from the system.

If a Deep Branch timesheet admin asks that data is kept for longer than 5 years you will be informed of this and will have the opportunity to excercise your right to be forgotton under GDPR legislation.


How do I protect your data?

I take my information security responsibilities seriously and apply various precautions to ensure your information is protected from loss, theft or misuse. Security precautions include the controlled and limited access to the servers running this system, as well as all standard security best practices as recommended in Django documentation. Only I am authorised to access relevant parts or all of your information.


Do I transfer your Personal Data outside the European Economic Area?

I will not transfer your data outside of the EEA. All of your Personal Data is processed and stored within the UK and France (where the server is hosted).


What are your rights?

Under data protection law, you have rights including:

  • Your right to withdraw your consent - You have the right to withdraw your consent at any time, without providing an explanation.
  • Your right of access - You have the right to ask me for copies of your personal information.
  • Your right to rectification - You have the right to ask me to rectify information you think is inaccurate. You also have the right to ask me to complete information you think is incomplete.
  • Your right to erasure - You have the right to ask me to erase your personal information in certain circumstances.
  • Your right to restriction of processing - You have the right to ask me to restrict the processing of your information in certain circumstances.

If you would like to exercise your rights, or if you have comments, questions or concerns, or if you would like to submit a complaint regarding the collection and use of your personal data, please contact Ed Wilding at edward.wilding3@gmail.com

You also have the right to lodge a complaint with the supervising authority, the Information Commissioner’s Office (ICO), at any time: ico.org.uk.


Contact Information:

30 Dovedale Road,
Nottingham,
NG2 6JA