Privacy Policy for Clockwork

This Privacy Policy describes how Clockwork (referred to as "we", "our", or "us") collects, uses, stores, and protects the personal data of employees using the application. Clockwork is a web application used to manage and view daily time input from biometric scanner devices. This Privacy Policy outlines our practices regarding the collection and use of your personal data in accordance with relevant privacy laws and regulations, including the Data Privacy Act of 2012 of the Philippines.

1. Information we collect

We collect the following types of personal data from employees using Clockwork:

• Email Address and Mobile Number: Used for authentication, verification, and communication purposes.
• Full Name: Assigned by the system for identification and tracking of attendance or time logs.
• Birthday and Sex: Required for employee sign-up, set up by human resource or officers in charge. These are used solely for identity verification
• Signature Specimen and Digital Signature (PKCS12): Provided optionally by the users after their account is approved by the agency. This is required when applying a digital signature to electronic documents.
• Attendance Data: Collected from biometric scanner devices to track attendance and working hours.

2. How We Use Your Information

Your personal data is used for the following purposes:

• Authentication and Verification: To securely authenticate and verify your identity when accessing Clockwork.
• Time Logging and Attendance: To track attendance and working hours based on biometric data.
• Digital Signature Application: To apply your digital signature to documents as requested by your employer.
• Communication: To contact you for system notifications or security-related issues.

3. Data Retention

We retain your data for as long as necessary to fulfill the purposes outlined in this Privacy Policy or as required by law. Specifically, attendance logs and other relevant data will be retained for at least one year. After this period, you may request the deletion of your data, which will be subject to review and approval by the relevant authorities or governing bodies in compliance with applicable regulations and organizational policies.

4. Third-Party Data Sharing

Clockwork does not share any personal data collected through the application with third parties. All data is strictly used for internal purposes within the Provincial Government of Davao del Sur. We do not sell, rent, or disclose your personal information to any external organizations, companies, or third-party service providers.

5. Third-Party Authentication Services

Clockwork uses third-party services, including Google and Facebook, for OAuth authentication. These services allow employees to securely log in to the application using their existing accounts with these providers.

1. Data Collected by Third Parties:

When you authenticate via Google or Facebook, these providers may collect and share certain information with Clockwork, such as your: Name Email address Profile picture (if applicable)

2. Purpose of Data Sharing:

The information provided by Google or Facebook is used solely for authentication and verification to allow secure access to your Clockwork account.

3. Third-Party Privacy Policies:

Authentication services are governed by their respective privacy policies. We are not responsible for the privacy practices or terms of these third-party services. Your interaction with these providers, including account creation or login, is subject to their independent terms and conditions.

• Google Privacy Policy
• Facebook Privacy Policy

4. Your Rights:

You may revoke Clockwork's access to your Google or Facebook account at any time through your Google or Facebook account settings.

5. Security:

Clockwork does not store your Google or Facebook account password. Authentication is handled securely through OAuth protocols.

6. Data Security

We take the security of your personal data seriously. We implement appropriate physical, technical, and organizational measures to safeguard your data from unauthorized access, disclosure, alteration, or destruction. This includes:

• Encryption: We encrypt sensitive data, both in transit and at rest, to protect it from unauthorized access.
• Restricted Access: Access to your personal data is limited to authorized personnel who need the information to perform their job duties.

7. Your Rights

Under the Data Privacy Act of 2012, you have the following rights regarding your personal data:

• Access: You may request access to the personal data we hold about you.
• Correction: You can request that we correct any inaccuracies in your personal data.
• Deletion: You may request the deletion of your personal data, subject to certain conditions and legal obligations.
• Withdrawal of Consent: You may withdraw your consent to the collection and processing of your personal data at any time, subject to legal and contractual restrictions.

To exercise these rights or if you have any privacy-related concerns, please contact us at administrator@davaodelsur.gov.ph.

8. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will notify you of any significant changes by posting the updated Privacy Policy on this page, along with the effective date.

9. Contact Information

If you have any questions or concerns about this Privacy Policy, or if you wish to exercise your rights regarding your personal data, please contact us at:

Provincial Information and Communications Technology Office Email: administrator@davaodelsur.gov.ph