When an organization (also referred to herein as a "data controller" or "customer") is considering using ti&m Places to book a workspace, meeting room, or parking space, privacy is something that needs to be addressed at every level. The questions we answer below should address any privacy concerns you may have when planning your Places implementation or at any point during usage of ti&m places.
What personal data does ti&m places collect and for what purposes does ti&m places use this data?
ti&m processes personal data in ti&m places to provide the agreed services as defined in the Online Services Terms, and for the purposes determined by the “customer” (“data controller”) receiving the service. ti&m places, as a cloud-based service, processes several types of data as part of delivering the service. This personal data includes:
We save information about bookings and check-ins. For each booking we save the Workplace-ID, the User-ID and the exact date and time of booking and check-in. Workplace-ID refers to a workstation and therefore includes the full location, including building address, the floor, room. User-ID is a foreign key to the “customers” Microsoft 365 Tenant. It is not possible to draw conclusions about who this User-ID belongs to without direct access to the “customers” Microsoft 365 Tenant.
The following user data that is shared within your company: Username and Profile Picture. This data is taken from the user’s Microsoft 365 User Profile and is processed by ti&m for display reasons only. None of this data is stored in our application at any time. The “customer” has the possibility to define privacy settings within ti&m places in case username or profile pictures should not be visible to other users.
A detailed history of all bookings of a “customer”, allowing the “customers” Admins to analyze usage of workplaces, meeting rooms and parking lots over time. ti&m will not make above mentioned analysis unless the “customer” explicitly asks for it.
Information related to troubleshooting tickets or feedback submission to ti&m.
Diagnostic and service data
Diagnostic data related to service usage. This data allows ti&m to deliver the service (troubleshoot, secure and update the product and monitor performance) as well as perform some internal business operations, such as:
• Determine revenue
• Develop metrics
• Determine service usage
• Conduct product and capacity planning
ti&m places does at no time process or store any special categories of personal data as defined in article 9 of the European GDPR (DSGVO) or article 5c of the Swiss FDPA (DSG). To the extent ti&m operates on personal data in connection with ti&m's legitimate business operations, ti&m will be an independent data controller for such use and will be responsible for complying with all applicable laws and related controller obligations. ti&m will not use personal data for mailings or similar marketing activities.
Legal Basis of Processing
Our customers are controllers for the data provided to ti&m, as set forth in the Online Services Terms, and they determine the legal bases of processing. ti&m, in turn, processes the data on the customers' instructions, as a processor.
To the extent ti&m processes personal data in connection with its own legitimate business operations. ti&m will be an independent controller for such processing, the legal basis of which is legitimate interests. "ti&m legitimate business operations" consist of the following, each as incident to delivery of ti&m places to the customer: (1) billing and account management; (2) compensation (e.g., calculating employee commissions and reseller incentives); (3) internal reporting and modeling (e.g., forecasting, revenue, capacity planning, product strategy); (4) combatting fraud, cybercrime, or cyber-attacks that may affect ti&m or ti&m Products; (5) improving the core functionality (accessibility, privacy or energy-efficiency); and (6) financial reporting and compliance with legal obligations.
What third parties have access to personal data?
ti&m will not disclose personal data except:
* the data the customer may derive by use of the API. Please refer to the relevant data privacy statement of the customer;
* as described in the Online Service Terms;
* as required by law.
If law enforcement contacts ti&m with a demand, ti&m will attempt to redirect the law enforcement agency to request that personal data directly from the customer. If compelled to disclose personal data to law enforcement, ti&m will promptly notify the customer and provide a copy of the demand unless legally prohibited from doing so.
Where does ti&m transfer and store data?
The customer can choose the location where customer data will be stored. Currently, data centers in Switzerland or the EU (Ireland) are available. Other data centers may be requested. The transfer of data from one data center to another can also be requested. Please note that requesting a new data center or transferring data from one data center to another is not part of our service and may result in additional charges.
How long does ti&m places retain personal data?
ti&m does not retain personal data. Personal data will be processed for display reasons but is not stored at all.
End user consent
The customer is responsible for informing its users of ti&m places (e.g., employees or partners) about the usage of ti&m places within the applicable legal framework and obtaining their consent.
ti&m places does not make any profiling of user data and there is no automatic decision making within ti&m places which would affect the end user.
Data is protected by Microsoft Cloud Services. ti&m regularly performs back-ups of the data stored on Microsoft Cloud Services and retains them in the Microsoft Cloud in the corresponding location. ti&m operations is ISO 27001 certified.
Contact Details of ti&m‘s Data Protection Officer