California Consumer Privacy Act (CCPA) and OnTheClock

What is the California Consumer Privacy Act (CCPA)?

Effective July 1, 2020, updates to the existing 2018 CCPA provide consumers with data privacy rights and control over their data. Consumers now have the right to know the type of data that is collected and how to delete it, the right to opt out of the sale of their data, and the protection that they will not be penalized or treated differently for exercising these rights.

What is considered personal data and information?

Information that identifies, relates to, describes, could be associated with, or is linked to, directly or indirectly, a household, individual, or device is considered personal information. This includes Identifiers, such as name, username, alias, employee number, Internet Protocol (IP) address, email address, geolocation, fingerprints, etc.

Which businesses have to comply?

For-profit businesses with more than $25 million in annual revenue, businesses that annually collect information for or from more than 50,000 users, and those who earn 50% or more of their revenue from data sales must comply with CCPA. All residents of California are entitled to the rights under CCPA. OnTheClock is choosing to extend this option to those who live outside of California as well.

The penalties for businesses that do not comply with CCPA range from $2,500-$7,500 per violation. 

What do businesses have to do now that they did not before this act?

• Right to Know: Businesses must notify you during or before data is collected, which of the 11 categories are being collected, the source, how the data will be used, and what is disclosed to third parties. This is stated on this page, and the privacy policy is easily viewable on the sign-up page and at the bottom of the website.
• Right to Access: Businesses need to make it easy for you (see C) to request the data they've collected from you over the previous 12 months, for free, up to two times per year, after identifying you as the account owner. They have 45 days to get you the information and must keep a record of your request for 24 months.
• Right to Deletion: Businesses must verify identity and delete personal data stored upon request (see D). OnTheClock will permit the deletion of marketing-related data, following section 1798.145 of the CCPA, stating that deletion of data shall not restrict a business’s ability to comply with federal, state, or local laws; comply with civil, criminal, or regulatory inquiry, investigation, subpoena, or summons; defend legal claims; or cooperate with law enforcement agencies. OnTheClock retains timecard data to comply with the Federal Labor Standards Act record-keeping laws.  OnTheClock has 45 days to delete your data and will keep a record of your request for 24 months.
• Right to Opt Out: Businesses have to give you a clear “do not sell my personal information” link on their homepages and within their privacy policies (see B), allowing you to opt out of having your information sold.  OnTheClock does not sell the information collected; therefore, we do not offer such a link. 
• Right to Fair Treatment: You have a right to opt out and not be charged a higher price or given lesser treatment for doing so.

What type of data does OnTheClock collect? What are the category types? What are the sources and reasons?

Administrator: Beginning at the start of your trial sign-up, OnTheClock collects the following data directly from you so that you may use your account to track your employee's time during their shifts.

Manager/Employee: When your administrator adds you to the account, granting you the ability to begin tracking your time or managing the timecards of others, OnTheClock collects the following information:

Visitors: Some information is gathered automatically when a visitor uses OnTheClock.com. The information may include IP addresses, browser types, internet service providers (ISPs), referring/exit pages, operating systems, dates/time stamps, and clickstream data. OnTheClock uses this information to look at trends, maintain our website, track movement around our website, and gather information about our customers that is unidentifiable. The goal is to identify customers' needs and provide the appropriate solutions to better service them.

Job Applicants: If you apply for a job through OnTheClock.com, we will collect, process, and store the information you provide for recruitment purposes. We may also keep some of your information for up to a year in consideration for future employment opportunities.

How do I delete my data from OnTheClock?

Administrator, visitor: 

1. You may contact support@ontheclock.com or call (888) 753-5999.  
2. OnTheClock will confirm receipt within 10 days.
3. OnTheClock will verify your identity. If we cannot, the request will be denied.
4. Once your ID is confirmed, we are required to delete your data within 45 days of the request. If, for some reason, we cannot, you will be notified in writing as to why. OnTheClock will permit the deletion of accounts with no activity in the timecard logs, information related to help and support requests, and marketing-related data, following section 1798.145 of the CCPA, stating that deletion of data shall not restrict a business’s ability to comply with federal, state or local laws; comply with civil, criminal, or regulatory inquiries, investigation, subpoenas, or summons; defend legal claims; or cooperate with law enforcement agencies.  OnTheClock retains time card data to comply with the Fair Labor Standards Act record-keeping laws. 

Manager/employee: You may reach out to your administrator, the owner of the account, and he or she may follow the process above. 

How do I obtain my data records from OnTheClock?

Administrator, visitor: 

1. You may contact support@ontheclock.com or call (888) 753-5999.
2. OnTheClock will confirm receipt within 10 days.
3. OnTheClock will verify your identity. If we cannot, the request will be denied.
4. Once your ID is confirmed, we must then provide your data in an easy-to-read format within 45 days of the request. If, for some reason, we cannot, you will be notified in writing as to why. An inability to identify the requestor or requesting information that OnTheClock doesn’t collect are examples.
5. For instructions to remove a past employee who requests their data be removed from your account click here

Manager/employee: You may reach out to your administrator, the owner of the account, and he or she may follow the process above.

All users may, at any time, update their current information on our website or notify the administrator of the account to do so if they are not the account owners.

How do I opt out?

CCPA allows you to opt out of having your information collected for the purpose of sale. OnTheClock does not sell any of the data it collects; therefore, we do not offer a link on the homepage as required for businesses that do sell data.

Note that OnTheClock will contact you at account sign-up and throughout your use of the product for service-related purposes. You may not opt out of these contacts as an account owner. If you are a manager or employee, you may receive invite emails with user information, and you may not opt out of those. If you would like to unsubscribe from our newsletter, you may choose to stop receiving it by following the unsubscribe instructions at the bottom of the email or by contacting us at support@ontheclock.com or at (888) 753-5999.

Can I come back later after I request deletion and restore my account?

No, once an account is deleted, it cannot be restored. Any important information should be stored in another location prior to your request. You are always welcome to begin a new account.

Where is my data stored, and how long is it stored for?

OnTheClock stores your data in the United States of America.

Your data is stored for as long as your account is active, as needed to fulfill our obligations in providing time tracking software, or as required by law.  

If you have further questions, please contact support@ontheclock.com or call (888) 753-5999.

For the complete CCPA, please visit https://oag.ca.gov/privacy/ccpa.