- TIME TRACKING
- Time tracking
- TIME TRACKING
eBillity (eBillity, we, our or us) is a trading name of Boston Billing Solutions, LLC d/b/a eBillity.
This section informs you of what information we collect about you and why. Personal data means any information about an individual from which that individual can be identified.
Our primary purpose in collecting personal information from you is to provide you with a safe, smooth, efficient, and customized experience. This allows us to provide services and features that most likely meet your needs, and to customize our service to make your experience safer and easier. We only collect personal information about you that we consider necessary for achieving this purpose.
In general, you can browse our website and download our apps without telling us who you are or revealing any personal information about yourself. Once you become a Subscriber or a Customer (or a member of staff of either), we require you to provide your name, mailing and billing addresses, email addresses, telephone number, and credit card information (as described further below), and other personal information as indicated on the relevant forms on the Services (which vary, depending on what kind of User you are), and you are no longer anonymous to us. Where possible, we indicate which fields are required on these forms and which fields are optional.
In addition, as you use the Services, you can from time to time enter or send us personal information. For example, if you are a Subscriber, you can enter your own timesheet and other billing information, and if you are a Customer you can enter information about payment of any invoice submitted by a Subscriber. As you use the Services you can also from time to time enter personal information about third parties. For example, if you are a Subscriber, you can enter personal information about your Customers or your staff.
You always have the option to not provide information by choosing not to become a User or by not using the particular feature of the Services for which the information is being collected. However, each Customer should note that personal information concerning Customers may be retained by Subscribers whether or not such Customer uses the Services.
If you are a Subscriber, we collect your credit card or other payment information and your contact information for billing purposes. And if you are a Customer who wishes to pay amounts to a Subscriber on a recurring basis, we collect and store your credit card or other payment information and your contact information for billing purposes. We do not store credit card or other payment method information unless the Subscriber or any Customer chooses to enter credit card information for use in the eBillity recurring profiles module; in all other cases we share payment information with applicable financial institutions (such as PayPal, Authorize.net, and PSiGate) which store and process such information on their applicable terms.
As a time billing service, we store confidential information submitted by Users that may also constitute privileged communications between an attorney and client. We will not review, see, use or disclose such confidential information except as compelled or required by law as set forth below.
To provide greater detail about the personal data we collect: we may collect, use, store and transfer different kinds of personal data about you or in relation to you which we have grouped together as follows:
With respect to Biometric Data, Subscribers are responsible for compliance with applicable law and for adopting their own biometric data privacy policies. To the extent required by law, Subscribers will obtain written authorization for the Subscriber and eBillity to collect, retain, and use Biometric Data from each staff member prior to collection of such data. Biometric Data will be used solely for identification and fraud prevention purposes.
Special Category Data means details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data. We do not seek to collect or otherwise process your Special Category Data unless you request us to.
We use different methods to collect data from and about you including through:
We collect personal data about you if you fill in forms on the Services or correspond with us by telephone, email or otherwise. This includes information you provide when you:
We may process personal data that you manifestly choose to make public, including via social media (e.g. we may collect information from your social media profile(s), to the extent that you choose to make your profile visible).
Automated technologies or interactions:
If you use our Services, we automatically collect the following information:
Where we collect information about you in the ways described above, we do so on the basis that it is in our legitimate interests to collect and process this data. In most situations this data will be anonymised, but we collect and process this data to ensure that our site is functioning properly and that our customer experience is to the standard that you and we expect.
Our website may contain links to and from the websites of advertisers, affiliates and partners. If you follow a link to any of these websites or authorise integration with any of the partners featured on the website, please note that these websites and partners have their own privacy policies and we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites or partners.
In some circumstances we use automated profiling to help suggest new features of our Services that may interest you, depending on your usage of the Services, and to monitor usage of the Services to help us improve the Services.
Information we receive from other sources:
We are also working closely with third parties, (including, for example, business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers, credit reference agencies) and may receive information about you from them.
When we receive information from other sources, we rely on them having the appropriate provisions in place telling you how they collect data and who they may share it with. We carefully check our sources to ensure that we only receive your information when it is lawful for us to do so.
This section explains how we will use information you provide to us in order to carry out the activities relevant to the provision of our services to you.
Information you give to us. We will use this information to:
Information we collect about you. We will use this information to:
Information we receive from other sources. We may combine this information with information you give to us and information we collect about you. We may use this information and the combined information for the purposes set out above (depending on the types of information we receive).
We must have a lawful basis for processing your personal data. We consider that we have a lawful basis where:
Where we process your personal data on the basis of our legitimate interests, these are our (or our third party’s) interests in providing our services to you in an efficient and secure manner.
In addition to the above, and on occasion, we use email address or other contact information to contact our Users to ask them for their input on our Services, to forward to them media opportunities, and even to invite them to dinner.
This section is to explain how we will ensure that you only receive communications that you wish to receive.
If you have provided your consent to receive marketing communications from us and you change your mind, you can change your preferences and unsubscribe at any time by following the unsubscribe instructions provided in the materials or contacting us at email@example.com.
As detailed in section 5, we may send you communications such as those which relate to any service updates (e.g. service disruption) or provide customer satisfaction surveys. We consider that we can lawfully send these communications to you as we have a legitimate interest to do so, namely to effectively provide you with the best service we can and to grow our business.
This section explains who we share your personal data with and why.
We will not sell, lease or trade your personal information to third parties without your explicit consent. The following describes some of the ways that your information may be disclosed in the normal scope of business to provide our services.
Subscribers, Customers, and other Users: In the normal operation of the Services Subscriber timesheets (including information entered by staff members) and invoices are disclosed to the applicable Customers, and Customer information is disclosed to the applicable Subscriber. In general, the information you enter via the Services is available to Customers, Subscribers, staff members of Customers and Subscribers, and other Users to whom you give access to your account or to whom you give access to the information through the normal operation of the Services.
Anonymized Aggregated Data: We aggregate and anonymize sales information including (but not limited to) industry type, number of invoices sent, average invoice size, method of sending invoices, percentage paid online, sales amounts and average sale per Customer, and disclose such information in a non-personally identifiable manner to Subscribers. However, in these situations, we do not disclose any information that could be used to identify you personally.
As Required By Law: We may be required to disclose your personal information by operation of law, or in response to a valid order of a court, public authorities or governmental agency, deposition, interrogatory, request for documents, subpoena, civil investigative demand or similar process, including to meet national security or law enforcement requirements, provided that you may, unless legally prohibited, provide us with prior written notice sufficient to permit us an opportunity to contest or limit the nature and scope of such disclosure, including but not limited to redacting or withholding privileged communications.
Our accountability for personal data that we receive under the Privacy Shield and subsequently transfer to a third party is described in the Privacy Shield Principles. In particular, we remain responsible and liable under the Privacy Shield Principles if third-party agents that we engage to process the personal data on our behalf do so in a manner inconsistent with the Principles unless we prove that we are not responsible for the event giving rise to the damage. We are also liable under European law for all data relating to EEA citizens that we share with third parties and under the laws of Switzerland for all data relating to Swiss citizens that we share with third parties.
If a business transfer or change of business ownership takes place or is envisaged, we may transfer your personal data to the new owner (or a prospective new owner). If this happens, you will be informed of this transfer.
This section explains how we keep your personal data safe and where it will be held.
We take your privacy seriously and are committed to maintaining the privacy and security of the personal data you provide to us, and the choices you have regarding our collection and use of your personal data.
Once we have received your personal data, we follow strict security procedures as to how your personal data is stored and used, and who sees it, to help stop any unauthorised access.
Where we have given you (or where you have chosen) a password which enables you to access certain parts of our Services, you are responsible for keeping this password confidential. You should not share this information with anyone.
The information that we collect from you will be stored at a destination outside the European Economic Area (EEA) and Switzerland. We will ensure that it is adequately protected by using appropriate safeguards as further detailed below.
For EEA citizens: your personal data is transferred from the EEA to the USA, which is not recognised by the European Commission as providing an adequate level of protection for personal data, and therefore the transfer will be covered by a framework recognised by the relevant authorities or courts as providing an adequate level of protection for personal data:
For Switzerland citizens: your personal data is transferred from Switzerland to the USA, which is not recognised by the Federal Data Protection and Information Commissioner as providing an adequate level of protection for personal data, and therefore the transfer will be covered by a framework recognised by the relevant authorities or courts as providing an adequate level of protection for personal data:
Privacy Shield Frameworks
eBillity has further committed to refer unresolved privacy complaints under the Privacy Shield Principles to BBB EU PRIVACY SHIELD, a non-profit alternative dispute resolution provider located in the United States and operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://www.bbb.org/EU-privacy-shield/for-eu-consumers for more information and to file a complaint.
Please note that if your complaint is not resolved through these channels, under limited circumstances, a binding arbitration option may be available before a Privacy Shield Panel.
eBillity is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).
Pursuant to the EU-US Privacy Shield and the Swiss-US Privacy Shield, eBillity remains liable for the transfer of personal data to third parties acting as our agents unless we can prove we were not a party to the events giving rise to the damages.
Unfortunately, the transmission of your personal data via the internet is not completely secure and although we do our best to protect your personal data, we cannot guarantee the security of your data transmitted to us over the internet and you acknowledge that any transmission is at your own risk.
This section explains the length of time that we will retain your personal data.
We will keep your personal data for no longer than is necessary for the purposes for which it was obtained. The criteria for determining the duration for which we will retain your personal data are as follows:
Any third parties that we engage will keep your data stored on their systems for as long as is necessary to provide the relevant services to you or us. If we end our relationship with any third party providers, we will make sure that they securely delete or return your personal data to us unless otherwise required by law.
We may retain personal data relating to you for statistical purposes. Where data is retained for statistical purposes it will always be anonymised, meaning that you will not be identifiable from that data.
You have a right to access your data and may do so by emailing firstname.lastname@example.org. Subscribers may correct, amend, or delete the personal data they have provided us by logging into the Site and making such change to their information where applicable. eBillity may not have a direct relationship with all Users or individuals with whom our Subscribers may interact using the Service. Any such individual seeking access to, or who would like to correct, amend, or delete personal data which may be stored on the Site should direct his or her query to the applicable eBillity Subscriber who has entered their information. At the request of our Users, we will remove any data placed in their accounts.
For more details about the personal information we have collected over the last 12 months, including the categories of sources, please see Section 3 above. We collect this information for the business and commercial purposes described in Section 5 above. We share this information with the categories of third parties described in Sections 7 and 8 above. eBillity does not sell (as such term is defined in the California Consumer Privacy Act) the personal information we collect (and will not sell it without providing a right to opt out).
The following section applies to EEA residents only. It explains that you have a number of rights in relation to your personal data. There are circumstances in which some rights may not apply. You have the right to request that we:
Subscribers may correct, amend, or delete the personal information they have provided us by logging into the Site and making such change to their information where applicable, but this does not affect our obligation to keep your data accurate. We may not have a direct relationship with all Users or individuals with whom our Subscribers may interact using the services. If you are such a User you would like to correct, amend, or delete personal information which we may hold, we ask that you direct your request first to the applicable eBillity Subscriber who has entered your information.
You have the right to object to automated decision-making. This is where a decision, which produces legal effects or similarly significantly affects you, has been based solely on automated processing (including profiling). Where we make an automated decision about you, you have the right to contest the decision and request a human review of the accuracy.
For more information on your rights and how to use them, or if you would like to make any of the requests set out above, please contact us using the details provided in this section.
If you seek to exercise any rights, we may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
As explained in the section on Communications even if you consented to the processing of your personal data for marketing purposes (by ticking the relevant box or by requesting information about services), you have the right to ask us to stop processing your personal data for such purposes.
You can exercise any right at any time by contacting us at email@example.com.
Web beacons, also known as pixel tags and clear GIFs, (Web Beacons), are electronic images that allow a website to access cookies and help track marketing campaigns and general usage patterns of visitors to those websites. Web Beacons can recognize certain types of information, such as cookie numbers, time and date of a page view and a description of the page where the Web Beacons are placed. No personal information about you is shared with third parties through the use of Web Beacons on the website. However, through Web Beacons, we may collect general information that will not personally identify you, such as Internet browser, operating system, IP address, date of visit, time of visit and path taken through the website.
eBillity may use Web Beacons internally to count visitors and recognize visitors through cookies. Access to cookies helps eBillity personalise the experience of our Subscribers and Customers when each visits the website.
It is our goal to make our privacy practices easy to understand. If you have questions, concerns or if you would like more detailed information, please email our privacy officer at firstname.lastname@example.org.
For EEA residents: If you are unsatisfied with our response to any data protection issues you raise with us, you have the right to make a complaint to the Information Commissioner’s Office (ICO), or the data protection supervisory authority in your jurisdiction. The ICO is the authority in the UK which is tasked with the protection of personal data and privacy.
For Switzerland residents: If you are unsatisfied with our response to any data protection issues you raise with us, you have the right to make a complaint to the Swiss Federal Data Protection and Information Commissioner.