Terms and Conditions
Introduction
The purpose of this privacy policy (“Policy”) is to explain how, when and why Toggl collects information about individuals, how, for what purposes and on what grounds these ‘personal data’ are subsequently processed, who processes them and what rights the individuals have in connection with their personal data. The Policy also explains Toggl’s practices in using cookies and other technologies for storing information on others’ devices and retrieving information from such devices. When we refer to “Toggl” or use the word “we”, “our” or “us”, we mean the Toggl entity that acts as the ‘controller’ of the information we hold about you or the ‘processor’ of the information that a customer has entrusted to us, as explained in more detail under the “identifying the data controller” part of this Policy. The phrase “Toggl entity” refers to each of the following companies: Toggl OÜ, an Estonian private limited company, registered number 11346813, based in Tallinn, Estonia; and Toggl Inc, a Delaware corporation, file number 5675394, based in Wilmington, USA. The contact details of each of these entities are set out at the end of this Policy. By “you” we mean the individual reading this text, i.e., you as a natural person (and not any company or other organisation that you may be associated with). Some words and phrases in this Policy are in single quotation marks (e.g., ‘controller’, ‘processor’ and ‘data subject’). These are legal terms, having the same meanings as given to them in the EU General Data Protection Regulation, i.e., Regulation (EU) 2016/679 (“GDPR”).
Application
1. This Policy applies to the data processing that takes place through or in connection with the following: (a) your use of the time tracking software or any other software of Toggl OÜ or any of its subsidiaries (by “software” we mean computer programs in any form, including local installations such as desktop and mobile applications as well as software in the form of on-demand services such as web and cloud applications). We shall use the word “Service” in this Policy to designate the above software, and the same word will designate any service, resource or other benefit that Toggl OÜ or its subsidiary offers as a part of or in connection with such software; (b) your visiting, or accessing resources that form part of, any website of Toggl OÜ or its subsidiary (we shall use the word “Website” to designate any such site), including, for example, the site at toggl.com; or (c) your communication or interaction with Toggl; insofar as the above activities are not subject to another privacy policy or similar document. 2. The Policy does not apply in relation to other parties’ products, services, websites, resources or activities. 3. When we speak of “Personal Data”, we mean any information about a living individual from which that person can be identified (the proper legal definition of ‘personal data’ is “any information relating to an identified or identifiable natural person”, with the person to whom the information relates being referred to as the ‘data subject’). Personal Data do not include information from which no individual can reasonably be identified, that is to say, anonymous information or personal data rendered anonymous in such a manner that the individual is not, or no longer is, identifiable (de-identified or anonymised information). The Policy does not apply to such information. 4. The Policy supplements our other terms and policies and is not intended to override them.
Identifying the data controller
5. We are a technology company and a lot of what we do involves data processing in one way or another. Various data need to be processed in a number of ways in order for us to carry on our business, including provide, maintain and develop the Service and Websites, and to communicate with you. Information is processed both for us as well as our customers, and customers themselves process information through the Service. Not all of this information constitutes Personal Data and much of the processing is controlled by parties other than Toggl. 6. For instance, the user environment delivered via the Service has certain logically defined parts (each, a “Organization”) where a Service user (“User”) can enter, record, store, use, disclose and otherwise manipulate various data. The data thus processed are referred to as “Organization Data” and it is usually the User who created the Organization that determines the purposes of, and otherwise controls, the processing of these data. That authority can be assigned to another User, but, at any rate, there is always one particular User, identified in the Organization as the “Organization Owner”, that has legal control over, and is responsible for, Organization Data. That User (the Organization Owner) is also the ‘controller’ of all Personal Data maintained in the Organization. Toggl processes these data on the Organization Owner’s behalf and is thus considered to be the ‘processor’ of the said Personal Data. This means that any enquiry, request, objection or complaint that you as a ‘data subject’ may have in connection with the processing of Personal Data that form part of Organization Data (i.e., where the information concerned relates to you) should be addressed to, and resolved by, the relevant Organization Owner. 7. Toggl is the ‘controller’ of the Personal Data that are collected by us or on our behalf through the activities listed in section 1 of this Policy, or which are otherwise processed for the purposes of our business. Specifically, it is Toggl OÜ that acts as the ‘controller’ of the said Personal Data. The following sections explain the collection and subsequent processing of these data in more detail. In case your relationship with Toggl is through Toggl Inc, all data processing operations relevant to that relationship have been delegated to Toggl OÜ (a company based in Estonia, with its processing operations also in Estonia). 8. Toggl is using internal Toggl Group sub-processors to provide service development, service delivery, and customer support services for all our products. There is an internal privacy policy in place that governs the data processing of Toggl Group sub-processors. To see the full list of sub-processors please visit the Sub-processors page.