Buddy Punch LLC Privacy Policy

Last Updated: December 31, 2023

Section 1 – Introduction.

Protecting consumer privacy is important to Buddy Punch LLC (“Buddy Punch”, “we”, “us”, or “our”). This Privacy Policy explains how Buddy Punch collects, uses and discloses information about you. This Privacy Policy applies to information we collect when you use our Website (as defined below) and mobile applications (collectively, the “Services” or “Applications”) or when you otherwise interact with us whether in electronic, paper or verbal format.

For the avoidance of doubt, this Privacy Policy does not apply to data collected by our clients who use our Services to track their employees’ time and schedule. If data is collected and processed by our client or its website, the client controls such data. Please contact the owner or operator of the applicable website directly for information about its privacy policies and how it processes personal data. This Privacy Policy further does not apply to information collected by us offline or through any other means, including on any other website operated by any third party.

Buddy Punch is based in the United States and the information we collect is governed by United States (“US”) law. By accessing or using the Services or otherwise providing information to us, you consent to the processing and transfer of information in and to the US. We may change this Privacy Policy from time to time. If we make changes, we will notify you by revising the date at the top of the policy and, in some cases, we may provide you with additional notice (such as by adding a statement to our websites or by sending you a notification). You should review the Privacy Policy whenever you access the Services to stay informed about our information practices and the ways you can help protect your privacy.

This Privacy Policy aims to clearly outline our policies and procedures for collecting, using, storing and disclosing personal data of individuals. All of the different forms of data, content, and information described in this Privacy Policy are collectively referred to as “personal data”. For purposes of this Privacy Policy, “personal data” means any information about an identifiable individual. Personal data excludes anonymous or de-identified data that is not associated with a particular individual.

Buddy Punch’s service offering involves providing organizations and individuals within those organizations with access to and use of the Services through their devices (any device used to access the Applications, including without limitation a desktop, laptop, mobile phone, tablet, or other consumer electronic device (each a “Device”)). By using the Services, you agree to Buddy Punch’s collection, use, and disclosure of your personal information as described in this Privacy Policy. If you do not agree with such collection, use and disclosure of your personal information, please do not use the Services.

This Privacy Policy explains what we do with your personal data when:

  • Your organization signs up for the Services and you access the Applications using a business account via our website (www.buddypunch.com), subdomain (*.buddypunch.com), through applications on Devices, through an application program interface, or through third-parties (collectively, the “Application Users”);
  • You leave your organization and cease to access the Applications using a business account attached to your organization (“Former Application User”); and
  • You visit our website (www.buddypunch.com) and subdomain (app.buddypunch.com) (the “Website”) while browsing the internet (collectively, the “Website Users”).

Our Website and Applications are not intended for children under 16 years of age. No one under age 16 may provide any personal data to or on the Website or Applications. We do not knowingly collect personal data from children under 16. If you are under 16, do not use or provide any information on this Website or Applications. If we learn we have collected or received personal information from a child under 16 without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child under 16, please contact us at [email protected].

Section 2: Personal Data We Collect About You.

(a) Application Users: We need to use personal data about you in the course of providing the Services to your organization and for ancillary purposes set out in this Privacy Policy. Depending on the relevant circumstances and requirements, we may collect some or all of the personal data listed below to help us with this:

• Name
• Phone number
• Date of Birth
• Credit card details or other billing information
• Email address
• Home and business physical addresses
• Photos for profile and Facial Recognition use
• Social networking information (if we are provided with access)
• Any further personal data contained in any files that you upload, download, or create (“Files”) within the Applications
• Log data from your Device, its software, and your activity using the Applications including the Device’s Internet Protocol (“IP”) address, browser type, locale preferences, geo-location information, identification numbers associated with your Device, your mobile carrier, date and time stamps associated with transactions, system configuration information, metadata concerning your Files, and other interactions with the Applications.
• If you are accessing our Services from the Applications on a mobile device, you may be asked to share your precise (GPS level) geo-location information. Such geolocation information includes physical locations visited (latitude & longitude), accuracy and timestamp.

(b) Former Application Users: We will retain the personal data listed below:

• Name
• Phone number
• Date of Birth
• Credit card details or other billing information (if you were the primary account holder in relation to your business account)
• Email address
• Home and business physical addresses
• Photos for profile and Facial Recognition use
• Files within the Applications
• Log data from your Device, its software, and your activity when you used the Applications including the Device’s IP address, browser type, locale preferences, geo-Location Information, identification numbers associated with your Devices, your mobile carrier, date and time stamps associated with transactions, system configuration information, metadata concerning your Files, and other interactions with the Applications.

(c) Website Users: We collect a limited amount of personal data from our Website Users which we use to help us improve your experience when using our Website and to help us manage the Services we provide. This includes log data such as your Device’s IP address, browser type, the web page visited before you came to our website, information you search for on our website, locale preferences, identification numbers associated with your Devices, your mobile carrier, date and time stamps associated with transactions, system configuration information and other interactions with the Website. If you contact us via the website (including via any chat widget), we will collect any information that you provide to us, for example your name and contact details.

Section 3: How We Collect Your Personal Data.

(a) Application Users: We collect your personal data in three primary ways:
• Personal data that you provide to us;
• Personal data that we receive from your organization and other sources; and/or
• Personal data that we collect automatically.

(b) Personal data you give to us:
• Where you provide personal data to us when you use the Applications;
• Where you contact us via the Applications; and/or
• Where you upload, download, or create Files within the Applications.
• Where you consent to the GPS device tracking component of the Applications, which Application Users can enable to track who is currently working on-site and everyone’s location history throughout the day via an Application User’s mobile phone.

(c) Personal data we receive from your organization and other sources:
• Where we receive personal data about you from your organization; and/or
• Where we receive personal data (for example, your email address) through other Application Users, if they have invited you to their Buddy Punch account

(d) Personal data that we collect automatically:
• When you use the Applications, where we automatically record personal data in the form of log data from your Device, its software, and your activity using the Applications; and/or
• Where we collect your personal data automatically via cookies, in line with cookie settings in your browser. If you would like to find out more about cookies, including how we use them and what choices are available to you, please see Section 10.

(e) Former Application Users: We will have collected your personal data during the period that you were an Application User in the manner described above.

(f) Website Users: When you visit our Website there is certain personal data in the form of log data that we may automatically collect, whether or not you use the Applications. We also collect some limited personal data automatically via cookies, in line with cookie settings in your browser. If you would like to find out more about cookies, including how we use them and what choices are available to you, please see Section 10.

The Applications may contain links to other sites. Buddy Punch is not responsible for the privacy practices or the content of such websites.

Section 4: How We Use Your Personal Data.

(a) Application Users: Our primary purpose for using your personal data is to provide the Services to your organization. When we use your personal data to allow you to access and use the Applications, we do so on the instructions of your organization and on the behalf of your organization. Activities that we may carry out on this basis include:

  • Allowing you to access and use the Applications;
  • Providing you with assistance (including technical assistance) in relation to your use of the Applications;
  • Personalizing and optimizing your experience of the Applications and providing you with software updates; and
  • Ensuring compliance with the terms of our agreement with your organization; and
  • Tracking real-time-GPS-location data (with an Application User’s knowledge and permission) in connection with time entries. If a time entry is deleted, the real-time-GPS location data will also be deleted. Under these circumstances, real-time-GPS-location data is collected both while our Applications are being used, as well as when our Applications are not active (i.e., running in the background). We maintain a database with this location information and may keep such information consistent with Section 8, below. We may also, from time-to-time, use real-time-GPS-location data to improve the Services and Applications, including our performance, content and Application User experience. Real-time-GPS-location data is retained until the time a time entry is deleted. An Application User’s real-time-GPS-location data is used by their company to dispatch daily tasks and log work hours. An Application User’s mobile phone operating system may provide additional options for you to control the collection and use of this information by the Applications. Note, however, that opting out the Applications’ collection of real-time-GPS-location data will disable its location-based features, and some parts of the Applications may then be inaccessible or not function properly.

There may be certain circumstances under which we use your personal data for purposes that are not on behalf of your organization or in accordance with instructions of your organization. Activities that we may carry out on this basis include:

  • Making announcements to you regarding our products and service offerings (see Section 5 below);
  • Providing you with any service offering outside of the Applications directly;
  • Ensuring compliance with our own obligations under applicable law and regulations;
  • Using your personal data to help us to establish, exercise or defend legal claims; and
  • Analyzing log data/user statistics with the aim of improving the Applications for all Application Users.

(b) Former Application Users: There may be instances where we retain your personal data once you have left your organization and cease to use your Buddy Punch account for our own purposes. Activities that we may carry out on this basis include:

  • Making announcements to you regarding our products and service offerings (see Section 5 below);
  • Providing you with any service offering outside of the Applications directly;
  • Ensuring compliance with our own obligations under applicable law and regulations; and
  • Using your personal data to help us to establish, exercise or defend legal claims.

(c) Website Users: We use your personal data to help us improve your experience of using our Website.

Section 5: Marketing.

If you are an Application User or a Former Application User, we may wish to use your personal data in order to let you know about, and invite you to participate in, our products and service offerings. We need your consent for some aspects of these activities which are not covered by our legitimate interests (in particular, the delivery of direct marketing to you through digital channels) and, depending on the situation, we’ll ask for this via an opt-in or soft opt-in (which we explain further below).

Soft opt-in consent is a specific type of consent which applies where you have previously engaged with us (for example by signing up to the Applications or requesting more information about our service offerings), and we are marketing service offerings similar to those you have previously engaged with us above. Under ‘soft opt-in’ consent, we will take your consent as given unless or until you opt out. For other types of e-marketing, we are required to obtain your explicit consent.

We will not, as a matter of course, seek your consent when sending marketing materials to a corporate email address. If you are not happy about this, you have the right to opt out of receiving marketing materials from us and can find out more about how to do so in Section 9.

Section 6: Information Sharing and Disclosure.

Where appropriate and in accordance with applicable laws and requirements (and where we use your personal data on behalf of and under the instructions of your organization in accordance with our obligations under our agreement with your organization), we may share your personal data in the following ways:

  • Your Use: We will display your personal data on your profile page and this may be accessed by other persons to whom you are connected within your organization depending on their access level.
  • Service Providers, Business Partners and Third Parties: We may use certain trusted third party companies and individuals to help us provide, analyze, and improve the Applications (including but not limited to data storage, maintenance services, database management, web analytics, payment processing, and improving the features of the Applications). These third parties may have access to your personal data only for purposes of performing these tasks on our behalf and under obligations similar to those in this Privacy Policy.
  • Other Service Providers, Business Partners and Third Parties: We may share your personal data with our agents or third-party service providers (including professional advisers and telecommunication service providers) which require your personal data to provide their services to Buddy Punch. Such agents and third-party service providers will not be permitted to use your personal data for any other purpose.
  • Third-Party Applications: We may share your information with a third-party application with your consent, for example when you choose to access Buddy Punch through such an application. We are not responsible for what those parties do with your information, so you should make sure you trust the application and that it has a privacy policy acceptable to you before allowing this feature to be employed.
  • Compliance with Laws and Law Enforcement Requests: We may disclose to parties outside Buddy Punch, Files stored in the Applications and personal data about you that we collect when we have a good faith belief that disclosure is reasonably necessary to (a) comply with a law, regulation or compulsory legal request; or (b) to protect Buddy Punch’s intellectual property rights. If we provide your Files to a law enforcement agency as set forth above, we will remove Buddy Punch’s encryption from the files before providing them to law enforcement.
  • Business Transfers: If we are involved in a merger, acquisition, or sale of all or a portion of our assets, your personal data may be transferred as part of that transaction, but we will notify you and/or your organization (for example, via email and/or a prominent notice on our website) of any change in control or use of your personal data or Files, or if either become subject to a different privacy policy.
  • Non-private or Non-Personal data: We may disclose your non-private, aggregated, or otherwise non-personal data, such as usage statistics of the Applications.

Section 7: How We Safeguard Your Personal Data.

We are committed to taking all reasonable and appropriate steps to protect the personal data that we hold from misuse, loss, destruction or unauthorized access. We do this by having in place a range of appropriate technical and organizational measures. These include measures to deal with any suspected data breach. If you enter payment details onto our payment pages, we encrypt the transmission of that information using secure socket layer technology (SSL) which is PCI DSS compliant.

However, the safety and security of your information also depends on you. Where we have given you (or where you have chosen) a password for access to certain parts of our Services and Applications, you are responsible for keeping this password confidential. We ask you not to share your password with anyone. We urge you to be careful about giving out information in public areas of the Services and Applications like message boards. The information you share in public areas may be viewed by any Website User or Application User.

Unfortunately, the transmission of information via the internet and mobile platforms is not completely secure. Although Buddy Punch does its best to protect your personal data, we cannot guarantee the security of your personal information transmitted through our Services or Applications. Any transmission of personal data is at your own risk. We are not responsible for circumvention of any privacy settings or security measures we provide.

Section 8: How Long We Keep Your Personal Data.

We will not keep your personal data for longer than we are permitted to do so under our agreement with your organization or as is necessary for the purposes for which we have collected it unless we believe that the law or other regulation requires us to preserve it (for example, because of a request by a tax authority or in connection with any anticipated litigation) or if we require it to enforce our agreements.

When we are no longer permitted under our agreement with your organization or it is otherwise no longer necessary to retain your personal data, we will delete the personal data that we hold about you from our systems. While we will endeavor to permanently erase your personal data once it reaches the end of its retention period, some of your personal data may still exist within our systems, for example if it is waiting to be overwritten. For our purposes, this data has been put beyond use, meaning that, while it still exists in the electronic ether, our employees will not have any access to it or use it again.

Section 9: Accessing and Correcting Your Information.

You have various rights in relation to the personal data that we hold about you. To get in touch about these rights, please contact us or your organization. If you are an Application User and you wish to make a request in relation to our use of your personal data for the purposes of providing the Services to your organization, please contact your organization in the first instance to handle your request. If you contact us, we will refer your request to your organization. If you are an Application User and you wish to make a request in relation to our use of your personal data which is unconnected to your organization or you are a Former Application User or a Website User, please contact us and we will handle your request.

Section 10: Cookies.

We also use “cookies” to collect information and improve our Services. A cookie is a small data file that we transfer to your Device. We may use “persistent cookies” to save your registration ID and login password for future logins to the Service. We may use “session ID cookies” to enable certain features of the Service, to better understand how you interact with the Service and to monitor aggregate usage and web traffic routing on the Service. You can instruct your browser, by changing its options, to stop accepting cookies or to prompt you before accepting a cookie from the websites you visit. If you do not accept cookies, however, you may not be able to use all aspects of the Application.

We may also use internal and external analytic and product platforms to better understand usage patterns on our Website so that we can improve the design and usability of our products. Some web browsers may transmit “do-no-track” signals to websites with which the browser communicates. Our Website does not currently respond to these “do-not-track” signals.

Section 11: Contact Information.

If you would like further information about how we handle your personal data, if you have any concerns regarding this Privacy Policy or if you wish to exercise your legal rights, please contact [email protected]. Please outline to us your concerns and our legal team or Buddy Punch representative will be in touch to discuss the matter.

Section 12: Your State Privacy Rights.

State consumer privacy laws may provide their residents with additional rights regarding our use of their personal data.

California, Colorado, Connecticut, Delaware, Florida, Indiana, Iowa, Montana, Oregon, Tennessee, Texas, Utah and Virginia each provide their state residents with rights to:

  • Confirm whether we process their personal information.
  • Access and delete certain personal information.
  • Correct inaccuracies in their personal information, considering the information’s nature and processing purposes (excluding Iowa and Utah).
  • Data portability.
  • Opt-out of personal data processing for targeted advertising for:
    • targeted advertising (excluding Iowa);
    • sales; or
    • profiling in furtherance of decisions that produce legal or similarly significant effects (excluding Iowa and Utah).
  • Either limit (opt-out of) or require consent to process sensitive personal data.

The exact scope of these rights may vary by state.  To exercise any of these rights please contact [email protected].

Section 13: Copyright Ownership.

Buddy Punch retains full copyright ownership, rights and protection in all materials contained in the Applications.